CVE-2024-1481

NameCVE-2024-1481
DescriptionA flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3773-1
Debian Bugs1065106

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
freeipa (PTS)buster4.7.2-3vulnerable
buster (security)4.7.2-3+deb10u1fixed
bookworm4.9.11-1vulnerable
trixie4.10.2-2vulnerable
sid4.11.1-2vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
freeipasourcebuster4.7.2-3+deb10u1DLA-3773-1
freeipasource(unstable)(unfixed)1065106

Notes

https://bugzilla.redhat.com/show_bug.cgi?id=2262169
https://pagure.io/freeipa/issue/9541
ipa-4.10: https://pagure.io/freeipa/c/921661fd460799da69043e06e058cff75a64ce3c
ipa-4.10: https://pagure.io/freeipa/c/204011dc0514681511275a4b70a13bfa85c1a538
ipa-4.9: https://pagure.io/freeipa/c/b039f3087a13de3f34b230dbe29a7cfb1965700d
ipa-4.9: https://pagure.io/freeipa/c/96a478bbedd49c31e0f078f00f2d1cb55bb952fd
For buster (and most likely later versions) the vulnerable rpcserver.py code
is not part of the provided binary packages. The kinit.py file is however and
it is not entirelly clear whether this may be used in a vulnerable way when
the client is used for authentication purposes.

Search for package or bug name: Reporting problems