Vulnerability-Lookup

RHSA-2008:0860

Vulnerability from csaf_redhat - Published: 2008-09-10 18:08 - Updated: 2025-11-21 17:33

Summary

Red Hat Security Advisory: ipa security update

Notes

Topic

Updated ipa packages that fix a security flaw are now available for Red Hat Enterprise IPA. This update has been rated as having important security impact by the Red Hat Security Response Team.

Details

Red Hat Enterprise IPA is an integrated solution to provide centrally-managed Identity (machines, users, virtual machines, groups, authentication credentials), Policy (configuration settings, access control information) and Audit (events, logs, analysis) services. A flaw was found in the Red Hat Enterprise IPA installation procedure. The master Kerberos password was set up in the LDAP server in such a way that it was possible to retrieve the password via an anonymous LDAP connection. (CVE-2008-3274) Note: the master Kerberos password is used to encrypt keys. This flaw does not lead to individual keys being exposed. Users of Red Hat IPA should upgrade to these updated packages and perform the operations explained in the solution to resolve this issue.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated ipa packages that fix a security flaw are now available for Red Hat\nEnterprise IPA.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Enterprise IPA is an integrated solution to provide\ncentrally-managed Identity (machines, users, virtual machines, groups,\nauthentication credentials), Policy (configuration settings, access control\ninformation) and Audit (events, logs, analysis) services.\n\nA flaw was found in the Red Hat Enterprise IPA installation procedure. The\nmaster Kerberos password was set up in the LDAP server in such a way that\nit was possible to retrieve the password via an anonymous LDAP connection.\n(CVE-2008-3274)\n\nNote: the master Kerberos password is used to encrypt keys. This flaw does\nnot lead to individual keys being exposed.\n\nUsers of Red Hat IPA should upgrade to these updated packages and perform\nthe operations explained in the solution to resolve this issue.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2008:0860",
        "url": "https://access.redhat.com/errata/RHSA-2008:0860"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "457835",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457835"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0860.json"
      }
    ],
    "title": "Red Hat Security Advisory: ipa security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:33:48+00:00",
      "generator": {
        "date": "2025-11-21T17:33:48+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2008:0860",
      "initial_release_date": "2008-09-10T18:08:00+00:00",
      "revision_history": [
        {
          "date": "2008-09-10T18:08:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2008-09-10T14:08:10+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:33:48+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat IPA 1 for RHEL 5 Server",
                "product": {
                  "name": "Red Hat IPA 1 for RHEL 5 Server",
                  "product_id": "5Server-IPA",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_ipa:1.0"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise IPA"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ipa-client-0:1.0.0-23.el5ipa.x86_64",
                "product": {
                  "name": "ipa-client-0:1.0.0-23.el5ipa.x86_64",
                  "product_id": "ipa-client-0:1.0.0-23.el5ipa.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ipa-client@1.0.0-23.el5ipa?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ipa-admintools-0:1.0.0-23.el5ipa.x86_64",
                "product": {
                  "name": "ipa-admintools-0:1.0.0-23.el5ipa.x86_64",
                  "product_id": "ipa-admintools-0:1.0.0-23.el5ipa.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ipa-admintools@1.0.0-23.el5ipa?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ipa-python-0:1.0.0-23.el5ipa.x86_64",
                "product": {
                  "name": "ipa-python-0:1.0.0-23.el5ipa.x86_64",
                  "product_id": "ipa-python-0:1.0.0-23.el5ipa.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ipa-python@1.0.0-23.el5ipa?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ipa-debuginfo-0:1.0.0-23.el5ipa.x86_64",
                "product": {
                  "name": "ipa-debuginfo-0:1.0.0-23.el5ipa.x86_64",
                  "product_id": "ipa-debuginfo-0:1.0.0-23.el5ipa.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ipa-debuginfo@1.0.0-23.el5ipa?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ipa-server-selinux-0:1.0.0-23.el5ipa.x86_64",
                "product": {
                  "name": "ipa-server-selinux-0:1.0.0-23.el5ipa.x86_64",
                  "product_id": "ipa-server-selinux-0:1.0.0-23.el5ipa.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ipa-server-selinux@1.0.0-23.el5ipa?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ipa-server-0:1.0.0-23.el5ipa.x86_64",
                "product": {
                  "name": "ipa-server-0:1.0.0-23.el5ipa.x86_64",
                  "product_id": "ipa-server-0:1.0.0-23.el5ipa.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ipa-server@1.0.0-23.el5ipa?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ipa-client-0:1.0.0-23.el5ipa.i386",
                "product": {
                  "name": "ipa-client-0:1.0.0-23.el5ipa.i386",
                  "product_id": "ipa-client-0:1.0.0-23.el5ipa.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ipa-client@1.0.0-23.el5ipa?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ipa-admintools-0:1.0.0-23.el5ipa.i386",
                "product": {
                  "name": "ipa-admintools-0:1.0.0-23.el5ipa.i386",
                  "product_id": "ipa-admintools-0:1.0.0-23.el5ipa.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ipa-admintools@1.0.0-23.el5ipa?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ipa-python-0:1.0.0-23.el5ipa.i386",
                "product": {
                  "name": "ipa-python-0:1.0.0-23.el5ipa.i386",
                  "product_id": "ipa-python-0:1.0.0-23.el5ipa.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ipa-python@1.0.0-23.el5ipa?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ipa-debuginfo-0:1.0.0-23.el5ipa.i386",
                "product": {
                  "name": "ipa-debuginfo-0:1.0.0-23.el5ipa.i386",
                  "product_id": "ipa-debuginfo-0:1.0.0-23.el5ipa.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ipa-debuginfo@1.0.0-23.el5ipa?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ipa-server-selinux-0:1.0.0-23.el5ipa.i386",
                "product": {
                  "name": "ipa-server-selinux-0:1.0.0-23.el5ipa.i386",
                  "product_id": "ipa-server-selinux-0:1.0.0-23.el5ipa.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ipa-server-selinux@1.0.0-23.el5ipa?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ipa-server-0:1.0.0-23.el5ipa.i386",
                "product": {
                  "name": "ipa-server-0:1.0.0-23.el5ipa.i386",
                  "product_id": "ipa-server-0:1.0.0-23.el5ipa.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ipa-server@1.0.0-23.el5ipa?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ipa-0:1.0.0-23.el5ipa.src",
                "product": {
                  "name": "ipa-0:1.0.0-23.el5ipa.src",
                  "product_id": "ipa-0:1.0.0-23.el5ipa.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ipa@1.0.0-23.el5ipa?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ipa-0:1.0.0-23.el5ipa.src as a component of Red Hat IPA 1 for RHEL 5 Server",
          "product_id": "5Server-IPA:ipa-0:1.0.0-23.el5ipa.src"
        },
        "product_reference": "ipa-0:1.0.0-23.el5ipa.src",
        "relates_to_product_reference": "5Server-IPA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ipa-admintools-0:1.0.0-23.el5ipa.i386 as a component of Red Hat IPA 1 for RHEL 5 Server",
          "product_id": "5Server-IPA:ipa-admintools-0:1.0.0-23.el5ipa.i386"
        },
        "product_reference": "ipa-admintools-0:1.0.0-23.el5ipa.i386",
        "relates_to_product_reference": "5Server-IPA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ipa-admintools-0:1.0.0-23.el5ipa.x86_64 as a component of Red Hat IPA 1 for RHEL 5 Server",
          "product_id": "5Server-IPA:ipa-admintools-0:1.0.0-23.el5ipa.x86_64"
        },
        "product_reference": "ipa-admintools-0:1.0.0-23.el5ipa.x86_64",
        "relates_to_product_reference": "5Server-IPA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ipa-client-0:1.0.0-23.el5ipa.i386 as a component of Red Hat IPA 1 for RHEL 5 Server",
          "product_id": "5Server-IPA:ipa-client-0:1.0.0-23.el5ipa.i386"
        },
        "product_reference": "ipa-client-0:1.0.0-23.el5ipa.i386",
        "relates_to_product_reference": "5Server-IPA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ipa-client-0:1.0.0-23.el5ipa.x86_64 as a component of Red Hat IPA 1 for RHEL 5 Server",
          "product_id": "5Server-IPA:ipa-client-0:1.0.0-23.el5ipa.x86_64"
        },
        "product_reference": "ipa-client-0:1.0.0-23.el5ipa.x86_64",
        "relates_to_product_reference": "5Server-IPA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ipa-debuginfo-0:1.0.0-23.el5ipa.i386 as a component of Red Hat IPA 1 for RHEL 5 Server",
          "product_id": "5Server-IPA:ipa-debuginfo-0:1.0.0-23.el5ipa.i386"
        },
        "product_reference": "ipa-debuginfo-0:1.0.0-23.el5ipa.i386",
        "relates_to_product_reference": "5Server-IPA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ipa-debuginfo-0:1.0.0-23.el5ipa.x86_64 as a component of Red Hat IPA 1 for RHEL 5 Server",
          "product_id": "5Server-IPA:ipa-debuginfo-0:1.0.0-23.el5ipa.x86_64"
        },
        "product_reference": "ipa-debuginfo-0:1.0.0-23.el5ipa.x86_64",
        "relates_to_product_reference": "5Server-IPA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ipa-python-0:1.0.0-23.el5ipa.i386 as a component of Red Hat IPA 1 for RHEL 5 Server",
          "product_id": "5Server-IPA:ipa-python-0:1.0.0-23.el5ipa.i386"
        },
        "product_reference": "ipa-python-0:1.0.0-23.el5ipa.i386",
        "relates_to_product_reference": "5Server-IPA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ipa-python-0:1.0.0-23.el5ipa.x86_64 as a component of Red Hat IPA 1 for RHEL 5 Server",
          "product_id": "5Server-IPA:ipa-python-0:1.0.0-23.el5ipa.x86_64"
        },
        "product_reference": "ipa-python-0:1.0.0-23.el5ipa.x86_64",
        "relates_to_product_reference": "5Server-IPA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ipa-server-0:1.0.0-23.el5ipa.i386 as a component of Red Hat IPA 1 for RHEL 5 Server",
          "product_id": "5Server-IPA:ipa-server-0:1.0.0-23.el5ipa.i386"
        },
        "product_reference": "ipa-server-0:1.0.0-23.el5ipa.i386",
        "relates_to_product_reference": "5Server-IPA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ipa-server-0:1.0.0-23.el5ipa.x86_64 as a component of Red Hat IPA 1 for RHEL 5 Server",
          "product_id": "5Server-IPA:ipa-server-0:1.0.0-23.el5ipa.x86_64"
        },
        "product_reference": "ipa-server-0:1.0.0-23.el5ipa.x86_64",
        "relates_to_product_reference": "5Server-IPA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ipa-server-selinux-0:1.0.0-23.el5ipa.i386 as a component of Red Hat IPA 1 for RHEL 5 Server",
          "product_id": "5Server-IPA:ipa-server-selinux-0:1.0.0-23.el5ipa.i386"
        },
        "product_reference": "ipa-server-selinux-0:1.0.0-23.el5ipa.i386",
        "relates_to_product_reference": "5Server-IPA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ipa-server-selinux-0:1.0.0-23.el5ipa.x86_64 as a component of Red Hat IPA 1 for RHEL 5 Server",
          "product_id": "5Server-IPA:ipa-server-selinux-0:1.0.0-23.el5ipa.x86_64"
        },
        "product_reference": "ipa-server-selinux-0:1.0.0-23.el5ipa.x86_64",
        "relates_to_product_reference": "5Server-IPA"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2008-3274",
      "discovery_date": "2008-08-04T00:00:00+00:00",
      "notes": [
        {
          "category": "description",
          "text": "The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA before 1.1.1 places ldap:///anyone on the read ACL for the krbMKey attribute, which allows remote attackers to obtain the Kerberos master key via an anonymous LDAP query.",
          "title": "Vulnerability description"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security has determined that this vulnerability does not affect any currently supported Red Hat product. This assessment may evolve based on further analysis and discovery. For more information about this vulnerability and the products it affects, please see the linked references.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-IPA:ipa-0:1.0.0-23.el5ipa.src",
          "5Server-IPA:ipa-admintools-0:1.0.0-23.el5ipa.i386",
          "5Server-IPA:ipa-admintools-0:1.0.0-23.el5ipa.x86_64",
          "5Server-IPA:ipa-client-0:1.0.0-23.el5ipa.i386",
          "5Server-IPA:ipa-client-0:1.0.0-23.el5ipa.x86_64",
          "5Server-IPA:ipa-debuginfo-0:1.0.0-23.el5ipa.i386",
          "5Server-IPA:ipa-debuginfo-0:1.0.0-23.el5ipa.x86_64",
          "5Server-IPA:ipa-python-0:1.0.0-23.el5ipa.i386",
          "5Server-IPA:ipa-python-0:1.0.0-23.el5ipa.x86_64",
          "5Server-IPA:ipa-server-0:1.0.0-23.el5ipa.i386",
          "5Server-IPA:ipa-server-0:1.0.0-23.el5ipa.x86_64",
          "5Server-IPA:ipa-server-selinux-0:1.0.0-23.el5ipa.i386",
          "5Server-IPA:ipa-server-selinux-0:1.0.0-23.el5ipa.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-3274"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-3274",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-3274"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3274",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3274"
        }
      ],
      "release_date": "2008-09-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-09-10T18:08:00+00:00",
          "details": "To fully resolve this problem, you need to manually perform the following\nsteps after installing the updated packages:\n\nDisclaimer: The following procedure performs critical, low-level operations\non your IPA system, and it is imperative that you back up your system\nbefore carrying out any of the following steps. A failure during this\nprocedure may compromise the readability of all or part of your Kerberos\nkeys.\n\n1. Upgrade all of your servers (masters and replicas) and restart the\ndirsrv service on all of them. No other daemon needs to be restarted at\nthis stage.\n\n2. On one master server, run the following tool:\n    $ ipa-fix-2008-3274 --check\n\nThis should report that the system is vulnerable.\n\n3. On the same master server, run the following tool:\n    $ ipa-fix-2008-3274 --fix\n\nThis should dump all Kerberos principals, reload them, and then return a \nmessage stating that the operation completed successfully. If not, you\nshould contact Red Hat GSS for immediate assistance.\n\nThis step should also create a .gpg file symmetrically-encrypted with the \nDirectory Manager password. This file contains a backup of all Kerberos \nkey material and is written to /var/lib/ipa/.\n\nAttention: DO NOT RUN THIS COMMAND ON ANY OTHER SERVER. See the next step.\n\n4. On all other IPA servers, run the following tool:\n    $ ipa-fix-2008-3274 --fix-replica\n\nThis will report that the system is NOT vulnerable and will then download\nthe master key for the local KDC instance. This command will restart the\nKDC service.\n\nIf the command reports a system as anything other than not vulnerable,\nverify that replication between masters is working correctly. The procedure\nwill not successfully complete until replication failures are addressed.\n\nBefore applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Server-IPA:ipa-0:1.0.0-23.el5ipa.src",
            "5Server-IPA:ipa-admintools-0:1.0.0-23.el5ipa.i386",
            "5Server-IPA:ipa-admintools-0:1.0.0-23.el5ipa.x86_64",
            "5Server-IPA:ipa-client-0:1.0.0-23.el5ipa.i386",
            "5Server-IPA:ipa-client-0:1.0.0-23.el5ipa.x86_64",
            "5Server-IPA:ipa-debuginfo-0:1.0.0-23.el5ipa.i386",
            "5Server-IPA:ipa-debuginfo-0:1.0.0-23.el5ipa.x86_64",
            "5Server-IPA:ipa-python-0:1.0.0-23.el5ipa.i386",
            "5Server-IPA:ipa-python-0:1.0.0-23.el5ipa.x86_64",
            "5Server-IPA:ipa-server-0:1.0.0-23.el5ipa.i386",
            "5Server-IPA:ipa-server-0:1.0.0-23.el5ipa.x86_64",
            "5Server-IPA:ipa-server-selinux-0:1.0.0-23.el5ipa.i386",
            "5Server-IPA:ipa-server-selinux-0:1.0.0-23.el5ipa.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0860"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "IPA Kerberos master password disclosure"
    }
  ]
}

CVE-2008-3274 (GCVE-0-2008-3274)

Vulnerability from cvelistv5 – Published: 2008-09-12 16:00 – Updated: 2024-08-07 09:28

Summary

The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA before 1.1.1 places ldap:///anyone on the read ACL for the krbMKey attribute, which allows remote attackers to obtain the Kerberos master key via an anonymous LDAP query.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://www.securityfocus.com/bid/31111	vdb-entryx_refsource_BID
	http://www.freeipa.org/page/News	x_refsource_CONFIRM
	http://git.fedorahosted.org/git/freeipa.git/?p=fr…	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=457835	x_refsource_CONFIRM
	http://www.freeipa.org/page/CVE-2008-3274	x_refsource_CONFIRM
	http://www.securitytracker.com/id?1020850	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/31861	third-party-advisoryx_refsource_SECUNIA
	http://rhn.redhat.com/errata/RHSA-2008-0860.html	vendor-advisoryx_refsource_REDHAT
	http://www.freeipa.org/page/Downloads	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:28:41.869Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2008-7987",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00733.html"
          },
          {
            "name": "FEDORA-2008-8003",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00743.html"
          },
          {
            "name": "31111",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31111"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.freeipa.org/page/News"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.fedorahosted.org/git/freeipa.git/?p=freeipa.git%3Ba=commit%3Bh=9932887f2af38b9701efec27707648c026ec445c"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457835"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.freeipa.org/page/CVE-2008-3274"
          },
          {
            "name": "1020850",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020850"
          },
          {
            "name": "31861",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31861"
          },
          {
            "name": "RHSA-2008:0860",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2008-0860.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.freeipa.org/page/Downloads"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-09-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA before 1.1.1 places ldap:///anyone on the read ACL for the krbMKey attribute, which allows remote attackers to obtain the Kerberos master key via an anonymous LDAP query."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2008-09-24T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2008-7987",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00733.html"
        },
        {
          "name": "FEDORA-2008-8003",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00743.html"
        },
        {
          "name": "31111",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31111"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.freeipa.org/page/News"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.fedorahosted.org/git/freeipa.git/?p=freeipa.git%3Ba=commit%3Bh=9932887f2af38b9701efec27707648c026ec445c"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457835"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.freeipa.org/page/CVE-2008-3274"
        },
        {
          "name": "1020850",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020850"
        },
        {
          "name": "31861",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31861"
        },
        {
          "name": "RHSA-2008:0860",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2008-0860.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.freeipa.org/page/Downloads"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2008-3274",
    "datePublished": "2008-09-12T16:00:00",
    "dateReserved": "2008-07-24T00:00:00",
    "dateUpdated": "2024-08-07T09:28:41.869Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2008:0860

CVE-2008-3274 (GCVE-0-2008-3274)

Tags

Sightings

Nomenclature