• Bug#1108050: freeipa: CVE-2025-4404

    From Salvatore Bonaccorso@21:1/5 to All on Thu Jun 19 20:50:01 2025
    Source: freeipa
    Version: 4.12.2-3
    Severity: grave
    Tags: security upstream
    Justification: user security hole
    X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

    Hi,

    The following vulnerability was published for freeipa.

    CVE-2025-4404[0]:
    | A privilege escalation from host to domain vulnerability was found
    | in the FreeIPA project. The FreeIPA package fails to validate the
    | uniqueness of the `krbCanonicalName` for the admin account by
    | default, allowing users to create services with the same canonical
    | name as the REALM admin. When a successful attack happens, the user
    | can retrieve a Kerberos ticket in the name of this service,
    | containing the admin@REALM credential. This flaw allows an attacker
    | to perform administrative tasks over the REALM, leading to access to
    | sensitive data and sensitive data exfiltration.


    If you fix the vulnerability please also make sure to include the
    CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

    For further information see:

    [0] https://security-tracker.debian.org/tracker/CVE-2025-4404
    https://www.cve.org/CVERecord?id=CVE-2025-4404
    [1] https://bugzilla.redhat.com/show_bug.cgi?id=2364606
    [2] https://pagure.io/freeipa/c/796ed20092d554ee0c9e23295e346ec1e8a0bf6e

    Please adjust the affected versions in the BTS as needed.

    Regards,
    Salvatore

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
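An audit check an administrator could run over plain `ldapsearch -LLL` LDIF output to spot principal-name collisions of the kind the CVE describes, as an added example (not FreeIPA's or Debian's code). It flags any Kerberos principal claimed by more than one entry, not only the admin's; the LDIF records and DNs below are constructed, and the parser assumes one `attr: value` per line with no base64 (`::`) or folded values.

```python
"""Audit LDIF output for duplicate Kerberos principal names (krbCanonicalName
or krbPrincipalName aliases claimed by more than one directory entry)."""
from collections import defaultdict

# Constructed sample (not real directory data): the realm admin, a normal
# service, and a service entry that reuses the admin's canonical name.
SAMPLE_LDIF = """\
dn: uid=admin,cn=users,cn=accounts,dc=example,dc=test
uid: admin
krbPrincipalName: admin@EXAMPLE.TEST
krbCanonicalName: admin@EXAMPLE.TEST

dn: krbprincipalname=HTTP/web.example.test@EXAMPLE.TEST,cn=services,cn=accounts,dc=example,dc=test
krbPrincipalName: HTTP/web.example.test@EXAMPLE.TEST
krbCanonicalName: HTTP/web.example.test@EXAMPLE.TEST

dn: krbprincipalname=admin@EXAMPLE.TEST,cn=services,cn=accounts,dc=example,dc=test
krbPrincipalName: admin@EXAMPLE.TEST
krbCanonicalName: admin@EXAMPLE.TEST
"""


def parse_ldif(text):
    """Yield one {attribute: [values]} dict per blank-line separated record.
    Assumes simple 'attr: value' lines (no '::' base64, no line folding)."""
    record = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            if record:
                yield dict(record)
                record = defaultdict(list)
            continue
        attr, _, value = line.partition(":")
        record[attr.strip()].append(value.strip())
    if record:
        yield dict(record)


def principal_collisions(entries):
    """Map each principal (canonical name or alias) owned by more than one
    entry to the sorted DNs claiming it. Matching is exact, as the KDC's is."""
    owners = defaultdict(set)
    for entry in entries:
        names = entry.get("krbCanonicalName", []) + entry.get("krbPrincipalName", [])
        for name in names:
            owners[name].add(entry["dn"][0])
    return {name: sorted(dns) for name, dns in owners.items() if len(dns) > 1}


if __name__ == "__main__":
    for principal, dns in principal_collisions(parse_ldif(SAMPLE_LDIF)).items():
        print(f"COLLISION {principal}: " + "; ".join(dns))
```

Run it against `ldapsearch -LLL -b cn=accounts,$SUFFIX '(krbPrincipalName=*)' dn krbPrincipalName krbCanonicalName` output to check a live directory; an empty result means no principal is claimed twice.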
  • From Debian Bug Tracking System@21:1/5 to All on Wed Jun 25 12:10:01 2025

    Your message dated Wed, 25 Jun 2025 10:04:39 +0000
    with message-id <E1uUMzf-00DzNb-DO@fasolo.debian.org>
    and subject line Bug#1108050: fixed in freeipa 4.12.4-1
    has caused the Debian Bug report #1108050,
    regarding freeipa: CVE-2025-4404
    to be marked as done.

    This means that you claim that the problem has been dealt with.
    If this is not the case it is now your responsibility to reopen the
    Bug report if necessary, and/or fix the problem forthwith.

    (NB: If you are a system administrator and have no idea what this
    message is talking about, this may indicate a serious mail system
    misconfiguration somewhere. Please contact owner@bugs.debian.org
    immediately.)


    --
    1108050: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108050
    Debian Bug Tracking System
    Contact owner@bugs.debian.org with problems
