RHEL 6 : ipa (RHSA-2011:1533)

high Nessus Plugin ID 57014

Synopsis

The remote Red Hat host is missing a security update for ipa.

Description

The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2011:1533 advisory.

Red Hat Identity Management is a centralized authentication, identity management and authorization solution for both traditional and cloud-based enterprise environments. It integrates components of the Red Hat Directory Server, MIT Kerberos, Red Hat Certificate System, NTP and DNS. It provides web browser and command-line interfaces. Its administration tools allow an administrator to quickly install, set up, and administer a group of domain controllers to meet the authentication and identity management requirements of large-scale Linux and UNIX deployments.

A Cross-Site Request Forgery (CSRF) flaw was found in Red Hat Identity Management. If a remote attacker could trick a user, who was logged into the management web interface, into visiting a specially crafted URL, the attacker could perform Red Hat Identity Management configuration changes with the privileges of the logged-in user. (CVE-2011-3636)

Due to the changes required to fix CVE-2011-3636, client tools will need to be updated for client systems to communicate with updated Red Hat Identity Management servers. New client systems will need to have the updated ipa-client package installed to be enrolled. Already enrolled client systems will need to have the updated certmonger package installed to be able to renew their system certificate. Note that system certificates are valid for two years by default.

Updated ipa-client and certmonger packages for Red Hat Enterprise Linux 6 were released as part of Red Hat Enterprise Linux 6.2. Future updates will provide updated packages for Red Hat Enterprise Linux 5.

This update includes several bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.2 Technical Notes for information on the most significant of these changes, linked to in the References section.

Users of Red Hat Identity Management should upgrade to these updated packages, which correct these issues.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL ipa package based on the guidance in RHSA-2011:1533.

See Also

https://access.redhat.com/security/updates/classification/#moderate

https://bugzilla.redhat.com/show_bug.cgi?id=680504

https://bugzilla.redhat.com/show_bug.cgi?id=681978

https://bugzilla.redhat.com/show_bug.cgi?id=681979

https://bugzilla.redhat.com/show_bug.cgi?id=688925

https://bugzilla.redhat.com/show_bug.cgi?id=689023

https://bugzilla.redhat.com/show_bug.cgi?id=689810

https://bugzilla.redhat.com/show_bug.cgi?id=690185

https://bugzilla.redhat.com/show_bug.cgi?id=690473

https://bugzilla.redhat.com/show_bug.cgi?id=692144

https://bugzilla.redhat.com/show_bug.cgi?id=692950

https://bugzilla.redhat.com/show_bug.cgi?id=693464

https://bugzilla.redhat.com/show_bug.cgi?id=693483

https://bugzilla.redhat.com/show_bug.cgi?id=693766

https://bugzilla.redhat.com/show_bug.cgi?id=693771

https://bugzilla.redhat.com/show_bug.cgi?id=696193

https://bugzilla.redhat.com/show_bug.cgi?id=696268

https://bugzilla.redhat.com/show_bug.cgi?id=696282

https://bugzilla.redhat.com/show_bug.cgi?id=697009

https://bugzilla.redhat.com/show_bug.cgi?id=697878

https://bugzilla.redhat.com/show_bug.cgi?id=698219

https://bugzilla.redhat.com/show_bug.cgi?id=698421

https://bugzilla.redhat.com/show_bug.cgi?id=700586

https://bugzilla.redhat.com/show_bug.cgi?id=701325

https://bugzilla.redhat.com/show_bug.cgi?id=703188

https://bugzilla.redhat.com/show_bug.cgi?id=703869

https://bugzilla.redhat.com/show_bug.cgi?id=704012

https://bugzilla.redhat.com/show_bug.cgi?id=705794

https://bugzilla.redhat.com/show_bug.cgi?id=705800

https://bugzilla.redhat.com/show_bug.cgi?id=707001

https://bugzilla.redhat.com/show_bug.cgi?id=707009

https://bugzilla.redhat.com/show_bug.cgi?id=707133

https://bugzilla.redhat.com/show_bug.cgi?id=707229

https://bugzilla.redhat.com/show_bug.cgi?id=707312

https://bugzilla.redhat.com/show_bug.cgi?id=708294

https://bugzilla.redhat.com/show_bug.cgi?id=709645

https://bugzilla.redhat.com/show_bug.cgi?id=709665

https://bugzilla.redhat.com/show_bug.cgi?id=710240

https://bugzilla.redhat.com/show_bug.cgi?id=710245

https://bugzilla.redhat.com/show_bug.cgi?id=710253

https://bugzilla.redhat.com/show_bug.cgi?id=710494

https://bugzilla.redhat.com/show_bug.cgi?id=710530

https://bugzilla.redhat.com/show_bug.cgi?id=710592

https://bugzilla.redhat.com/show_bug.cgi?id=710598

https://bugzilla.redhat.com/show_bug.cgi?id=710601

https://bugzilla.redhat.com/show_bug.cgi?id=711667

https://bugzilla.redhat.com/show_bug.cgi?id=711671

https://bugzilla.redhat.com/show_bug.cgi?id=711761

https://bugzilla.redhat.com/show_bug.cgi?id=711786

https://bugzilla.redhat.com/show_bug.cgi?id=712889

https://bugzilla.redhat.com/show_bug.cgi?id=713069

https://bugzilla.redhat.com/show_bug.cgi?id=713374

https://bugzilla.redhat.com/show_bug.cgi?id=713380

https://bugzilla.redhat.com/show_bug.cgi?id=713385

https://bugzilla.redhat.com/show_bug.cgi?id=713481

https://bugzilla.redhat.com/show_bug.cgi?id=713501

https://bugzilla.redhat.com/show_bug.cgi?id=713531

https://bugzilla.redhat.com/show_bug.cgi?id=713549

https://bugzilla.redhat.com/show_bug.cgi?id=713603

https://bugzilla.redhat.com/show_bug.cgi?id=713798

https://bugzilla.redhat.com/show_bug.cgi?id=714238

https://bugzilla.redhat.com/show_bug.cgi?id=714597

https://bugzilla.redhat.com/show_bug.cgi?id=714600

https://bugzilla.redhat.com/show_bug.cgi?id=714919

https://bugzilla.redhat.com/show_bug.cgi?id=714924

https://bugzilla.redhat.com/show_bug.cgi?id=715112

https://bugzilla.redhat.com/show_bug.cgi?id=751179

http://www.nessus.org/u?8c90c024

http://www.nessus.org/u?a8b42d73

https://access.redhat.com/errata/RHSA-2011:1533

https://bugzilla.redhat.com/show_bug.cgi?id=716287

https://bugzilla.redhat.com/show_bug.cgi?id=716432

https://bugzilla.redhat.com/show_bug.cgi?id=716462

https://bugzilla.redhat.com/show_bug.cgi?id=717020

https://bugzilla.redhat.com/show_bug.cgi?id=717625

https://bugzilla.redhat.com/show_bug.cgi?id=717724

https://bugzilla.redhat.com/show_bug.cgi?id=717726

https://bugzilla.redhat.com/show_bug.cgi?id=717729

https://bugzilla.redhat.com/show_bug.cgi?id=717732

https://bugzilla.redhat.com/show_bug.cgi?id=717965

https://bugzilla.redhat.com/show_bug.cgi?id=718062

https://bugzilla.redhat.com/show_bug.cgi?id=719656

https://bugzilla.redhat.com/show_bug.cgi?id=720011

https://bugzilla.redhat.com/show_bug.cgi?id=720013

https://bugzilla.redhat.com/show_bug.cgi?id=720336

https://bugzilla.redhat.com/show_bug.cgi?id=720711

https://bugzilla.redhat.com/show_bug.cgi?id=722228

https://bugzilla.redhat.com/show_bug.cgi?id=722468

https://bugzilla.redhat.com/show_bug.cgi?id=723027

https://bugzilla.redhat.com/show_bug.cgi?id=723233

https://bugzilla.redhat.com/show_bug.cgi?id=723241

https://bugzilla.redhat.com/show_bug.cgi?id=723622

https://bugzilla.redhat.com/show_bug.cgi?id=723624

https://bugzilla.redhat.com/show_bug.cgi?id=723778

https://bugzilla.redhat.com/show_bug.cgi?id=723781

https://bugzilla.redhat.com/show_bug.cgi?id=723882

https://bugzilla.redhat.com/show_bug.cgi?id=723969

https://bugzilla.redhat.com/show_bug.cgi?id=723990

https://bugzilla.redhat.com/show_bug.cgi?id=724036

https://bugzilla.redhat.com/show_bug.cgi?id=725433

https://bugzilla.redhat.com/show_bug.cgi?id=725763

https://bugzilla.redhat.com/show_bug.cgi?id=726028

https://bugzilla.redhat.com/show_bug.cgi?id=726123

https://bugzilla.redhat.com/show_bug.cgi?id=726454

https://bugzilla.redhat.com/show_bug.cgi?id=726526

https://bugzilla.redhat.com/show_bug.cgi?id=726715

https://bugzilla.redhat.com/show_bug.cgi?id=726722

https://bugzilla.redhat.com/show_bug.cgi?id=726725

https://bugzilla.redhat.com/show_bug.cgi?id=726751

https://bugzilla.redhat.com/show_bug.cgi?id=726943

https://bugzilla.redhat.com/show_bug.cgi?id=727282

https://bugzilla.redhat.com/show_bug.cgi?id=727691

https://bugzilla.redhat.com/show_bug.cgi?id=727921

https://bugzilla.redhat.com/show_bug.cgi?id=728118

https://bugzilla.redhat.com/show_bug.cgi?id=728614

https://bugzilla.redhat.com/show_bug.cgi?id=728950

https://bugzilla.redhat.com/show_bug.cgi?id=729089

https://bugzilla.redhat.com/show_bug.cgi?id=729166

https://bugzilla.redhat.com/show_bug.cgi?id=729245

https://bugzilla.redhat.com/show_bug.cgi?id=729246

https://bugzilla.redhat.com/show_bug.cgi?id=729377

https://bugzilla.redhat.com/show_bug.cgi?id=729665

https://bugzilla.redhat.com/show_bug.cgi?id=730436

https://bugzilla.redhat.com/show_bug.cgi?id=730713

https://bugzilla.redhat.com/show_bug.cgi?id=730751

https://bugzilla.redhat.com/show_bug.cgi?id=731784

https://bugzilla.redhat.com/show_bug.cgi?id=731804

https://bugzilla.redhat.com/show_bug.cgi?id=731805

https://bugzilla.redhat.com/show_bug.cgi?id=732084

https://bugzilla.redhat.com/show_bug.cgi?id=732088

https://bugzilla.redhat.com/show_bug.cgi?id=732468

https://bugzilla.redhat.com/show_bug.cgi?id=732521

https://bugzilla.redhat.com/show_bug.cgi?id=732803

https://bugzilla.redhat.com/show_bug.cgi?id=732996

https://bugzilla.redhat.com/show_bug.cgi?id=733009

https://bugzilla.redhat.com/show_bug.cgi?id=733436

https://bugzilla.redhat.com/show_bug.cgi?id=734013

https://bugzilla.redhat.com/show_bug.cgi?id=734706

https://bugzilla.redhat.com/show_bug.cgi?id=734725

https://bugzilla.redhat.com/show_bug.cgi?id=735187

https://bugzilla.redhat.com/show_bug.cgi?id=736276

https://bugzilla.redhat.com/show_bug.cgi?id=736455

https://bugzilla.redhat.com/show_bug.cgi?id=736617

https://bugzilla.redhat.com/show_bug.cgi?id=736684

https://bugzilla.redhat.com/show_bug.cgi?id=736787

https://bugzilla.redhat.com/show_bug.cgi?id=737048

https://bugzilla.redhat.com/show_bug.cgi?id=737516

https://bugzilla.redhat.com/show_bug.cgi?id=737581

https://bugzilla.redhat.com/show_bug.cgi?id=737994

https://bugzilla.redhat.com/show_bug.cgi?id=737997

https://bugzilla.redhat.com/show_bug.cgi?id=738038

https://bugzilla.redhat.com/show_bug.cgi?id=738053

https://bugzilla.redhat.com/show_bug.cgi?id=738339

https://bugzilla.redhat.com/show_bug.cgi?id=738693

https://bugzilla.redhat.com/show_bug.cgi?id=739040

https://bugzilla.redhat.com/show_bug.cgi?id=739060

https://bugzilla.redhat.com/show_bug.cgi?id=739061

https://bugzilla.redhat.com/show_bug.cgi?id=739089

https://bugzilla.redhat.com/show_bug.cgi?id=739195

https://bugzilla.redhat.com/show_bug.cgi?id=739604

https://bugzilla.redhat.com/show_bug.cgi?id=739640

https://bugzilla.redhat.com/show_bug.cgi?id=739650

https://bugzilla.redhat.com/show_bug.cgi?id=740320

https://bugzilla.redhat.com/show_bug.cgi?id=740830

https://bugzilla.redhat.com/show_bug.cgi?id=740838

https://bugzilla.redhat.com/show_bug.cgi?id=740844

https://bugzilla.redhat.com/show_bug.cgi?id=740850

https://bugzilla.redhat.com/show_bug.cgi?id=740854

https://bugzilla.redhat.com/show_bug.cgi?id=740879

https://bugzilla.redhat.com/show_bug.cgi?id=740880

https://bugzilla.redhat.com/show_bug.cgi?id=740885

https://bugzilla.redhat.com/show_bug.cgi?id=740891

https://bugzilla.redhat.com/show_bug.cgi?id=741050

https://bugzilla.redhat.com/show_bug.cgi?id=741277

https://bugzilla.redhat.com/show_bug.cgi?id=741677

https://bugzilla.redhat.com/show_bug.cgi?id=741808

https://bugzilla.redhat.com/show_bug.cgi?id=742024

https://bugzilla.redhat.com/show_bug.cgi?id=742327

https://bugzilla.redhat.com/show_bug.cgi?id=742616

https://bugzilla.redhat.com/show_bug.cgi?id=742875

https://bugzilla.redhat.com/show_bug.cgi?id=743253

https://bugzilla.redhat.com/show_bug.cgi?id=743295

https://bugzilla.redhat.com/show_bug.cgi?id=743788

https://bugzilla.redhat.com/show_bug.cgi?id=743936

https://bugzilla.redhat.com/show_bug.cgi?id=743955

https://bugzilla.redhat.com/show_bug.cgi?id=744024

https://bugzilla.redhat.com/show_bug.cgi?id=744074

https://bugzilla.redhat.com/show_bug.cgi?id=744101

https://bugzilla.redhat.com/show_bug.cgi?id=744234

https://bugzilla.redhat.com/show_bug.cgi?id=744264

https://bugzilla.redhat.com/show_bug.cgi?id=744306

https://bugzilla.redhat.com/show_bug.cgi?id=744410

https://bugzilla.redhat.com/show_bug.cgi?id=744422

https://bugzilla.redhat.com/show_bug.cgi?id=744798

https://bugzilla.redhat.com/show_bug.cgi?id=745392

https://bugzilla.redhat.com/show_bug.cgi?id=745575

https://bugzilla.redhat.com/show_bug.cgi?id=745698

https://bugzilla.redhat.com/show_bug.cgi?id=745957

https://bugzilla.redhat.com/show_bug.cgi?id=746056

https://bugzilla.redhat.com/show_bug.cgi?id=746199

https://bugzilla.redhat.com/show_bug.cgi?id=746227

https://bugzilla.redhat.com/show_bug.cgi?id=746229

https://bugzilla.redhat.com/show_bug.cgi?id=746276

https://bugzilla.redhat.com/show_bug.cgi?id=746298

https://bugzilla.redhat.com/show_bug.cgi?id=746717

https://bugzilla.redhat.com/show_bug.cgi?id=747028

https://bugzilla.redhat.com/show_bug.cgi?id=747443

https://bugzilla.redhat.com/show_bug.cgi?id=747710

https://bugzilla.redhat.com/show_bug.cgi?id=748754

https://bugzilla.redhat.com/show_bug.cgi?id=749352

Plugin Details

Severity: High

ID: 57014

File Name: redhat-RHSA-2011-1533.nasl

Version: 1.21

Type: local

Agent: unix

Published: 12/6/2011

Updated: 3/20/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2011-3636

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:ipa-server, p-cpe:/a:redhat:enterprise_linux:ipa-client, p-cpe:/a:redhat:enterprise_linux:ipa-python, cpe:/o:redhat:enterprise_linux:6, p-cpe:/a:redhat:enterprise_linux:ipa-admintools, p-cpe:/a:redhat:enterprise_linux:ipa, p-cpe:/a:redhat:enterprise_linux:ipa-server-selinux

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 12/6/2011

Vulnerability Publication Date: 12/8/2011

Reference Information

CVE: CVE-2011-3636

BID: 50930

CWE: 352

RHSA: 2011:1533