CVE-2017-2590 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2017-2590 Interim 1 2 2024-06-12T01:15:09Z current 2023-10-31T01:14:05Z 2024-06-12T01:15:09Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2017-2590 A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Liberty Linux 7 ipa-admintools-4.4.0-14.el7_3.6 ipa-client-4.4.0-14.el7_3.6 ipa-client-common-4.4.0-14.el7_3.6 ipa-common-4.4.0-14.el7_3.6 ipa-python-compat-4.4.0-14.el7_3.6 ipa-server-4.4.0-14.el7_3.6 ipa-server-common-4.4.0-14.el7_3.6 ipa-server-dns-4.4.0-14.el7_3.6 ipa-server-trust-ad-4.4.0-14.el7_3.6 python2-ipaclient-4.4.0-14.el7_3.6 python2-ipalib-4.4.0-14.el7_3.6 python2-ipaserver-4.4.0-14.el7_3.6 ipa-admintools-4.4.0-14.el7_3.6 as a component of SUSE Liberty Linux 7 ipa-client-4.4.0-14.el7_3.6 as a component of SUSE Liberty Linux 7 ipa-client-common-4.4.0-14.el7_3.6 as a component of SUSE Liberty Linux 7 ipa-common-4.4.0-14.el7_3.6 as a component of SUSE Liberty Linux 7 ipa-python-compat-4.4.0-14.el7_3.6 as a component of SUSE Liberty Linux 7 ipa-server-4.4.0-14.el7_3.6 as a component of SUSE Liberty Linux 7 ipa-server-common-4.4.0-14.el7_3.6 as a component of SUSE Liberty Linux 7 ipa-server-dns-4.4.0-14.el7_3.6 as a component of SUSE Liberty Linux 7 ipa-server-trust-ad-4.4.0-14.el7_3.6 as a component of SUSE Liberty Linux 7 python2-ipaclient-4.4.0-14.el7_3.6 as a component of SUSE Liberty Linux 7 python2-ipalib-4.4.0-14.el7_3.6 as a component of SUSE Liberty Linux 7 python2-ipaserver-4.4.0-14.el7_3.6 as a component of SUSE Liberty Linux 7 A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys. CVE-2017-2590 SUSE Liberty Linux 7:ipa-admintools-4.4.0-14.el7_3.6 SUSE Liberty Linux 7:ipa-client-4.4.0-14.el7_3.6 SUSE Liberty Linux 7:ipa-client-common-4.4.0-14.el7_3.6 SUSE Liberty Linux 7:ipa-common-4.4.0-14.el7_3.6 SUSE Liberty Linux 7:ipa-python-compat-4.4.0-14.el7_3.6 SUSE Liberty Linux 7:ipa-server-4.4.0-14.el7_3.6 SUSE Liberty Linux 7:ipa-server-common-4.4.0-14.el7_3.6 SUSE Liberty Linux 7:ipa-server-dns-4.4.0-14.el7_3.6 SUSE Liberty Linux 7:ipa-server-trust-ad-4.4.0-14.el7_3.6 SUSE Liberty Linux 7:python2-ipaclient-4.4.0-14.el7_3.6 SUSE Liberty Linux 7:python2-ipalib-4.4.0-14.el7_3.6 SUSE Liberty Linux 7:python2-ipaserver-4.4.0-14.el7_3.6 important 5.5 AV:N/AC:L/Au:S/C:N/I:P/A:P 8.1 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H