CVE-2013-0199

CWE-264 | 8 documents | 6 sources
Severity: 5.0 MEDIUM
EPSS: 0.4% (top 37.14%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 29
Latest update: May 5

Description

The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the Cross-Realm Kerberos Trust key via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD: redhat/freeipa, 4 versions (+3)

Patches

Vulnerability Details (2)

GHSA
GHSA-3gwj-28p7-3v2r: The default LDAP ACIs in FreeIPA 3 (2022-05-05)
CVEList
CVE-2013-0199: The default LDAP ACIs in FreeIPA 3 (2014-05-29)

Exploits & PoCs (1)

Exploit-DB
Microsoft Excel - OLE Arbitrary Code Execution (2017-09-30)

Vendor Advisories (1)

Red Hat
ipa: cross-realm kerberos with AD information leak (2013-01-23)

Community (3)

Bugzilla
CVE-2013-0199 CVE-2012-4546 freeipa various flaws [fedora-all] (2013-01-23)
Bugzilla
CVE-2013-0199 ipa: cross-realm kerberos with AD information leak (2013-01-19)
Bugzilla
CVE-2013-0170 libvirt: use-after-free in virNetMessageFree() (2013-01-09)