ipa-4.12.2-14.el9_6.1
エラータID: AXSA:2025-10543:04
リリース日:
2025/07/22 Tuesday - 17:35
題名:
ipa-4.12.2-14.el9_6.1
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- FreeIPA には、管理者アカウントの一意性を検証できない問題が
あるため、リモートの攻撃者により、情報の漏洩、データ破壊、
およびサービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2025-4404)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-4404
A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCanonicalName` for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a successful attack happens, the user can retrieve a Kerberos ticket in the name of this service, containing the admin@REALM credential. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.
A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCanonicalName` for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a successful attack happens, the user can retrieve a Kerberos ticket in the name of this service, containing the admin@REALM credential. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.
追加情報:
N/A
ダウンロード:
SRPMS
- ipa-4.12.2-14.el9_6.1.src.rpm
MD5: 345af24a0f33ce0563a2b181678c2e19
SHA-256: 2a98e20bf483804e869c557da000d47be5d5c9f8529e288599858db9a34b9c70
Size: 5.62 MB
Asianux Server 9 for x86_64
- ipa-client-4.12.2-14.el9_6.1.x86_64.rpm
MD5: 873e14060546cb975c8164476aafcad2
SHA-256: b99d0a1599d129351b9dbc025f8a0f27aa9d7dfdd9cb063c086f8bfc904c6b33
Size: 139.19 kB - ipa-client-common-4.12.2-14.el9_6.1.noarch.rpm
MD5: c93ed56752c1dd0fa88555eb1bb0fc39
SHA-256: edc184b337ac63f98cb5b6d552d45c268a735ccb674da2b55f23aac499516a05
Size: 44.28 kB - ipa-client-encrypted-dns-4.12.2-14.el9_6.1.x86_64.rpm
MD5: 9cc9c0dc598c0f0ef89836c261020781
SHA-256: ef8ab8de31f1569ab805d97504d6430d37211fd2bae2bc6a0b3eac4d86a86b0b
Size: 35.57 kB - ipa-client-epn-4.12.2-14.el9_6.1.x86_64.rpm
MD5: 5eeaea84b04e99f86250676ad979af59
SHA-256: f4844544139af3447862680e2bbfb0353060c0dd3ead0816fa07370f12117b7f
Size: 43.18 kB - ipa-client-samba-4.12.2-14.el9_6.1.x86_64.rpm
MD5: 2ea2a898b6a2f90af8093b0dfebae676
SHA-256: b0cbd58f604a84939128166dff24db7a8cacf7865e598550c72c4a5b83c5dccb
Size: 38.54 kB - ipa-common-4.12.2-14.el9_6.1.noarch.rpm
MD5: b7dd52b3a41da8133daf8b3deb56ae42
SHA-256: 9a7c77e91588c054e362cf79a8f4ad52611af7f197373db19b13c06f5d3e2ebb
Size: 693.75 kB - ipa-selinux-4.12.2-14.el9_6.1.noarch.rpm
MD5: add449f7e8bc931d08f2a7b0412d6fac
SHA-256: fe2095d64e44da060db454c47e1536b835e1fcd91d7c41c253d812551722e3fd
Size: 38.51 kB - ipa-selinux-luna-4.12.2-14.el9_6.1.noarch.rpm
MD5: 8a73bf0a766dffa2e2cb732506325e39
SHA-256: 67984e1c5aee755ebeccfc0beb4c1bc665d6b0745a08449933245f2d525720d0
Size: 30.57 kB - ipa-selinux-nfast-4.12.2-14.el9_6.1.noarch.rpm
MD5: 0e1a6b741c6a20e910cef594d5bd50c5
SHA-256: dac1c1372e05f085121407d151b42d170607ac2358d88bed241893e4b34be5da
Size: 30.60 kB - ipa-server-4.12.2-14.el9_6.1.x86_64.rpm
MD5: 706de4a87398d74ec516a57dc57b5e55
SHA-256: 6c6fb8861cf610fcb82ca082c4699e6285f7a232a13ca364c1551d739aa4b4b0
Size: 428.68 kB - ipa-server-common-4.12.2-14.el9_6.1.noarch.rpm
MD5: 17aa481c369b1ad91ebef75e79b9786b
SHA-256: 5626a31d90fad85c96d8621691fb4d90d198c14ffcb345d0126bf495e4528552
Size: 498.36 kB - ipa-server-dns-4.12.2-14.el9_6.1.noarch.rpm
MD5: b75d20be5f87487962c018b083936329
SHA-256: 12c751a10f7c7863725ff69d9e8e9615778274c0b5e6f609906d24f3334f2fdf
Size: 56.90 kB - ipa-server-encrypted-dns-4.12.2-14.el9_6.1.x86_64.rpm
MD5: b57bfd611179dea803f4d7fbcc89eb0f
SHA-256: 5b9f346b5a35f90aa9be438db62e09ebd19fec90a2c5842e1338f1a48d0cf34c
Size: 35.68 kB - ipa-server-trust-ad-4.12.2-14.el9_6.1.x86_64.rpm
MD5: c1b96cc945ee8e8454d463deeff62256
SHA-256: eaa8df93c13edb63b7e399339325405101a02b06cc8287927dd38fbaa01e21c8
Size: 153.05 kB - python3-ipaclient-4.12.2-14.el9_6.1.noarch.rpm
MD5: d6eec813b4e171b30a1a974009581f45
SHA-256: 7cedfc5679d2afd06aad12182f96395af59b78227faacfad13ab36f0cd67b502
Size: 659.57 kB - python3-ipalib-4.12.2-14.el9_6.1.noarch.rpm
MD5: b186a148491a08c874651c5a976ddb0a
SHA-256: 57a1a7114a09f45d37f75f4394efcfd3b5cc0728aa5c81789205b626e76513df
Size: 692.61 kB - python3-ipaserver-4.12.2-14.el9_6.1.noarch.rpm
MD5: 21a5b592fbabd75b75541e1958ea06b4
SHA-256: d36bc5fe7cca41ddd396880fe1251d4a772ee4a72dbd7b9d2efd91ee603bb3b5
Size: 1.56 MB - python3-ipatests-4.12.2-14.el9_6.1.noarch.rpm
MD5: f7b4094bdd612346265cd08136245b65
SHA-256: b2bf47c61e548d8f48940ec482545364dafb5956d7a4d7c1ac70566f62bfb4fc
Size: 1.75 MB
English