CVE-2024-1481
Description
A flaw was found in FreeIPA. This issue may allow a remote attacker to craft an HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
FreeIPA allows remote unauthenticated attackers to inject command arguments to kinit via crafted HTTP requests, leading to denial of service.
Vulnerability
A flaw in FreeIPA (CVE-2024-1481) allows a remote attacker to craft an HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server [1][2][3]. This issue stems from improper input validation in the HTTP request handling logic, enabling an attacker to inject arbitrary kinit arguments without authentication.
Exploitation
An attacker can send a specially crafted HTTP request to the FreeIPA server. The server processes the parameters and passes them directly to the kinit command. Because no authentication is required for this attack vector, any remote attacker able to reach the FreeIPA server can exploit this vulnerability [4]. The attack does not require any prior knowledge or credentials.
Impact
Successful exploitation allows the attacker to cause a denial of service (DoS) against the FreeIPA service. By injecting arguments that cause kinit to fail or hang, the attacker can disrupt authentication operations and potentially make the server unresponsive [1][4].
Mitigation
Red Hat has released security updates for Red Hat Enterprise Linux 8 and 9 to address this vulnerability. Affected users should apply the updates immediately [1][2]. There are no known workarounds; installing the patched FreeIPA packages is the recommended mitigation.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
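The class of bug described above, a request value reaching the position where a command still parses options, can be shown without running kinit. The following is an added example, not FreeIPA code and not the published fix. The principal pattern, the function names and the toy option string "x:" are assumptions made for illustration, and it relies on the POSIX convention that "--" ends option parsing.

```python
import getopt
import re

# Assumption: a conservative principal pattern for this illustration only
# (name[/instance][@REALM]); real Kerberos principal syntax is broader.
_PRINCIPAL_RE = re.compile(
    r"[A-Za-z0-9_][A-Za-z0-9._-]*(/[A-Za-z0-9._-]+)?(@[A-Za-z0-9.-]+)?")

# Constructed option string for a toy getopt-style tool; NOT kinit's real options.
TOY_OPTSTRING = "x:"


def build_argv_unsafe(user_value):
    """Unsafe pattern: the request value lands where options are still parsed."""
    return ["kinit", user_value]


def build_argv_safe(user_value):
    """Validate the value, then place it after "--" so option parsing has ended."""
    if not _PRINCIPAL_RE.fullmatch(user_value):
        raise ValueError("rejected principal: %r" % user_value)
    return ["kinit", "--", user_value]


def parse_like_getopt(argv):
    """Return (options, operands) as a getopt-based program would see argv[1:]."""
    return getopt.getopt(argv[1:], TOY_OPTSTRING)


def audit(user_value):
    """Report how each builder's argv is interpreted for one request value."""
    try:
        unsafe_opts, _ = parse_like_getopt(build_argv_unsafe(user_value))
    except getopt.GetoptError as exc:
        unsafe_opts = [("error", str(exc))]
    try:
        opts, operands = parse_like_getopt(build_argv_safe(user_value))
        safe = {"rejected": False, "options": opts, "operands": operands}
    except ValueError:
        safe = {"rejected": True, "options": [], "operands": []}
    return {"unsafe_options": unsafe_opts, "safe": safe}


if __name__ == "__main__":
    # Constructed request values: one ordinary principal, one option-shaped value.
    for value in ("alice@EXAMPLE.TEST", "-xvalue"):
        print(value, audit(value))
```

The two controls are independent: the pattern check rejects option-shaped input outright, and the "--" separator keeps anything that does pass from being read as an option.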
References
- access.redhat.com/errata/RHSA-2024:2147 (nvd)
- access.redhat.com/errata/RHSA-2024:3044 (nvd)
- access.redhat.com/security/cve/CVE-2024-1481 (nvd)
- bugzilla.redhat.com/show_bug.cgi (nvd)
- lists.debian.org/debian-lts-announce/2024/03/msg00026.html (nvd)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKTET3PAOMCHBXUUY37X556PVA3DFQES/ (nvd)