Source: freeipa
Version: 4.12.2-3
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,

The following vulnerability was published for freeipa.

CVE-2025-4404[0]:
| A privilege escalation from host to domain vulnerability was found
| in the FreeIPA project. The FreeIPA package fails to validate the
| uniqueness of the `krbCanonicalName` for the admin account by
| default, allowing users to create services with the same canonical
| name as the REALM admin. When a successful attack happens, the user
| can retrieve a Kerberos ticket in the name of this service,
| containing the admin@REALM credential. This flaw allows an attacker
| to perform administrative tasks over the REALM, leading to access to
| sensitive data and sensitive data exfiltration.

If you fix the vulnerability, please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-4404
    https://www.cve.org/CVERecord?id=CVE-2025-4404
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2364606
[2] https://pagure.io/freeipa/c/796ed20092d554ee0c9e23295e346ec1e8a0bf6e

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
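Editor's note, added here and not part of the bug report or of FreeIPA itself: the condition the CVE text describes (a service entry whose krbCanonicalName equals admin@REALM) is something an administrator can audit for in an existing directory while waiting for the fixed package. The script below parses an LDIF export of the cn=accounts subtree and reports every krbCanonicalName value claimed by more than one entry, plus a targeted lookup for a given principal. The LDIF embedded in it is constructed sample data with placeholder names (dc=example,dc=com, EXAMPLE.COM, svc/host1.example.com); the comparison is case-insensitive by choice, which is the conservative direction for an audit even though Kerberos principal names themselves are case-sensitive.

```python
"""Audit an LDIF dump of a FreeIPA directory for krbCanonicalName collisions.

CVE-2025-4404 exists because nothing enforced uniqueness of krbCanonicalName
across the accounts subtree, so a service entry could carry admin@REALM as
its canonical name.  This script is an added example, not FreeIPA code; it
parses LDIF text and reports canonical names shared by more than one entry.

The LDIF below is constructed sample data, not an export from any real
deployment; dc=example,dc=com and EXAMPLE.COM are placeholders.
"""
import base64
import sys

SAMPLE_LDIF = """\
dn: uid=admin,cn=users,cn=accounts,dc=example,dc=com
objectClass: krbprincipalaux
uid: admin
krbPrincipalName: admin@EXAMPLE.COM
krbCanonicalName: admin@EXAMPLE.COM

dn: krbprincipalname=HTTP/www.example.com@EXAMPLE.COM,cn=services,cn=accounts,dc=example,dc=com
objectClass: ipaservice
krbPrincipalName: HTTP/www.example.com@EXAMPLE.COM
krbCanonicalName: HTTP/www.example.com@EXAMPLE.COM

# Constructed: a service entry whose canonical name collides with the realm
# admin, i.e. the state the vulnerability lets an unprivileged user create.
dn: krbprincipalname=svc/host1.example.com@EXAMPLE.COM,cn=services,cn=accounts,dc=example,dc=com
objectClass: ipaservice
krbPrincipalName: svc/host1.example.com@EXAMPLE.COM
krbCanonicalName: admin@EXAMPLE.COM
"""


def parse_ldif(text):
    """Return a list of (dn, {attr_lowercase: [values]}) parsed from LDIF.

    Folded lines (continuations starting with a space) are unfolded,
    comment lines are skipped, and base64 values ("attr:: ...") are decoded.
    """
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]
        else:
            logical.append(raw)

    entries = []
    dn, attrs = None, {}
    for line in logical + [""]:          # trailing "" flushes the last entry
        if line.startswith("#"):
            continue
        if line == "":
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        name, sep, rest = line.partition(":")
        if not sep:
            continue                     # not an attribute line; ignore
        if rest.startswith(":"):         # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        if name.lower() == "dn":
            dn = value
        else:
            attrs.setdefault(name.lower(), []).append(value)
    return entries


def canonical_name_collisions(entries):
    """Map each krbCanonicalName claimed by more than one entry to its DNs.

    Keys keep the spelling of the first occurrence; matching ignores case
    (a deliberate, conservative choice for auditing).
    """
    owners = {}
    for dn, attrs in entries:
        for name in attrs.get("krbcanonicalname", []):
            owners.setdefault(name.lower(), (name, []))[1].append(dn)
    return {display: dns for display, dns in owners.values() if len(dns) > 1}


def entries_claiming(entries, principal):
    """DNs whose krbCanonicalName equals `principal` (case-insensitively).

    Use with "admin@REALM" to find any entry impersonating the realm admin,
    whether or not the admin user itself is present in the dump.
    """
    target = principal.lower()
    return [dn for dn, attrs in entries
            if any(n.lower() == target for n in attrs.get("krbcanonicalname", []))]


def main(argv):
    text = open(argv[1], encoding="utf-8").read() if len(argv) > 1 else SAMPLE_LDIF
    collisions = canonical_name_collisions(parse_ldif(text))
    for name, dns in sorted(collisions.items()):
        print(f"krbCanonicalName {name} is claimed by {len(dns)} entries:")
        for dn in dns:
            print("    " + dn)
    return 1 if collisions else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with no arguments to see the constructed sample flagged, or feed it a real export, for example the output of `ldapsearch -LLL -b cn=accounts,<suffix> '(krbCanonicalName=*)' krbCanonicalName` saved to a file. A non-zero exit means at least one canonical name is shared; any service entry listed next to uid=admin is the condition the advisory describes and should be removed before the fixed package is deployed.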