Test ID: 1.3.6.1.4.1.25623.1.0.122030
Category: Oracle Linux Local Security Checks
Title: Oracle: Security Advisory (ELSA-2011-1533)
Summary: The remote host is missing an update for the 'ipa' package(s) announced via the ELSA-2011-1533 advisory.
Description:
Summary:
The remote host is missing an update for the 'ipa' package(s) announced via the ELSA-2011-1533 advisory.

Vulnerability Insight:
[2.1.3-9.el6]
- Add current password prompt when changing own password in web UI (#751179)
- Remove extraneous trailing ' from netgroup patch (#749352)

[2.1.3-8.el6]
- Updated patch for CVE-2011-3636 to include CR in the HTTP headers.
xmlrpc-c in RHEL-6 doesn't support the dont_advertise option so that is
not set any more. Another fake header, X-Original-User_Agent, is added
so there is no more trailing junk after the Referer header. (#749870)

[2.1.3-7.el6]
- Require an HTTP Referer header to address CSRF attacks. CVE-2011-3636.
(#749870)

[2.1.3-6.el6]
- Users not showing up in nis netgroup triple (#749352)

[2.1.3-5.el6]
- Add update file to remove entitlement roles, privileges and
permissions (#739060)

[2.1.3-4.el6]
- Quote worker option in krb5kdc (#748754)

[2.1.3-3.el6]
- hbactest fails while you have svcgroup in hbacrule (#746227)
- Add Kerberos domain mapping for system hostname (#747443)
- Format certificates as PEM in browser (#701325)

[2.1.3-2.el6]
- ipa-client-install hangs if the discovered server is unresponsive (#745392)
- Fix minor problems in help system (#747028)
- Remove help fix from Disable automember patch (#746717)
- Update minimum version of sssd to 1.5.1-60 to pick up SELinux fix (#746265)

[2.1.3-1.el6]
- Update to upstream 2.1.3 release (#736170)
- Additional branding (#742264)
- Disable automember cli (#746717)
- ipa-client-install sometimes fails to start sssd properly (#736954)
- ipa-client-install adds duplicate information to krb5.conf (#714597)
- ipa-client-install should configure hostname (#714919)
- inconsistency in enabling 'delete' buttons (#730751)
- hbactest does not resolve canonical names during simulation (#740850)
- Default DNS Administration Role - Permissions missing (#742327)
- named fails to start after installing ipa server when short (#742875)
- Duplicate hostgroup and netgroup should not be allowed (#743253)
- named fails to start (#743680)
- Global password policy should not be able to be deleted (#744074)
- Client install fails when anonymous bind is disabled (#744101)
- Internal Server Error adding invalid reverse DNS zone (#744234)
- ipa hbactest does not evaluate indirect members from groups. (#744410)
- Leaks KDC password and master password via command line arguments (#744422)
- Traceback when upgrading from ipa-server-2.1.1-1 (#744798)
- IPA User's Primary GID is not being set to their UPG's GID (#745552)
- --forwarder option of ipa-dns-install allows invalid IP addr (#745698)
- UI does not grant access based on roles (#745957)
- Unable to add external user for RunAs User for Sudo (#746056)
- Typo in error message while adding invalid ptr record. (#746199)
- Don't use python 2.7-only syntax (#746229)
- Error when using ipa-client-install with --no-sssd option (#746276)
- Installation fails if sssd.conf exists and is already config (#746298)
- External hosts are not removed properly from sudorule ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'ipa' package(s) on Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-3636
http://freeipa.org/page/IPAv2_214
Copyright: Copyright (C) 2015 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.