Permissions, Privileges, and Access Controls in pfsense

#VU44418 Permissions, Privileges, and Access Controls in pfsense

Published: 2012-01-03 | Updated: 2020-08-11

Vulnerability identifier: #VU44418

Vulnerability risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2011-4197

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
pfsense
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Rubicon Communications

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 creates each X.509 certificate with a true value for the CA basic constraint, which allows remote attackers to create sub-certificates for arbitrary subjects by leveraging the private key.

Mitigation
Install update from vendor's website.

Vulnerable software versions

pfsense: 1.0.x - 1.2.3

External links
http://archives.neohapsis.com/archives/bugtraq/2011-12/0152.html
http://secunia.com/advisories/46780
http://www.osvdb.org/77982
http://www.securityfocus.com/bid/51169
http://exchange.xforce.ibmcloud.com/vulnerabilities/71969
http://github.com/bsdperimeter/pfsense/commit/1379d66f11aaf72982a70287b83e24efcd18898e
http://github.com/bsdperimeter/pfsense/commit/87b4deb2b2dae9013e6aa0fe490d6a5a04a27894
http://www.trustmatta.com/advisories/MATTA-2011-001.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in pfsense