NuytsTech Security

CVE-2016-5404

by ·

The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission.

Date published : 2016-09-07

http://www.securityfocus.com/bid/92525

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

Tags: