
Test ID: 1.3.6.1.4.1.25623.1.1.12.2021.4792.1
Category: Ubuntu Local Security Checks
Title: Ubuntu: Security Advisory (USN-4792-1)
Summary: The remote host is missing an update for the 'freeipa' package(s) announced via the USN-4792-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'freeipa' package(s) announced via the USN-4792-1 advisory.

Vulnerability Insight:
It was discovered that FreeIPA incorrectly handled certificates. An
attacker could possibly use this issue to cause a denial of service by
revoking arbitrary certificates. This issue only affected Ubuntu 16.04 ESM.
(CVE-2016-5404)

It was discovered that FreeIPA incorrectly handled authentication attempts.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2016-7030)

It was discovered that FreeIPA incorrectly handled user permissions. An
authenticated attacker could possibly use this issue to modify other users'
profiles or other unspecified impact. This issue only affected Ubuntu 16.04
ESM. (CVE-2016-9575)

Affected Software/OS:
'freeipa' package(s) on Ubuntu 14.04, Ubuntu 16.04.

Solution:
Please install the updated package(s).

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2016-5404
BugTraq ID: 92525
http://www.securityfocus.com/bid/92525
FEDORA-2016-7898627d08
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VQDYWANTMDFZP3HTGSEOA2IONVUITYX5/
FEDORA-2016-92a3655b70
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3PZ2ZQTMGC2UBRNHXVVOY3PJDOBP4CP4/
FEDORA-2016-f56c765d67
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5OROLKFSY5QRQS7NGBNDP5QMOBV3XMZ/
RHSA-2016:1797
http://rhn.redhat.com/errata/RHSA-2016-1797.html
[oss-security] 20160817 CVE-2016-5404 freeipa: Insufficient privileges check in certificate revocation
http://www.openwall.com/lists/oss-security/2016/08/17/9
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
https://fedorahosted.org/freeipa/ticket/6232
https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=cf74584d0f772f3f5eccc1d30c001e4212a104fd
Common Vulnerability Exposure (CVE) ID: CVE-2016-7030
BugTraq ID: 94934
http://www.securityfocus.com/bid/94934
RHSA-2017:0001
http://rhn.redhat.com/errata/RHSA-2017-0001.html
[oss-security] 20170102 freeIPA CVEs CVE-2016-9575 (insufficient permission check) & CVE-2016-7030 (DoS)
http://www.openwall.com/lists/oss-security/2017/01/02/5
https://bugzilla.redhat.com/show_bug.cgi?id=1370493
https://pagure.io/freeipa?id=6f1d927467e7907fd1991f88388d96c67c9bff61
Common Vulnerability Exposure (CVE) ID: CVE-2016-9575
BugTraq ID: 95068
http://www.securityfocus.com/bid/95068
RedHat Security Advisories: RHSA-2017:0001
Copyright: Copyright (C) 2023 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.