rhsa-2024_5316
Vulnerability from csaf_redhat
Published
2024-08-13 15:43
Modified
2024-12-18 03:35
Summary
Red Hat Security Advisory: krb5 security update
Notes
Topic
An update for krb5 is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).
Security Fix(es):
* krb5: GSS message token handling (CVE-2024-37371)
* krb5: GSS message token handling (CVE-2024-37370)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for krb5 is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).\n\nSecurity Fix(es):\n\n* krb5: GSS message token handling (CVE-2024-37371)\n\n* krb5: GSS message token handling (CVE-2024-37370)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:5316", "url": "https://access.redhat.com/errata/RHSA-2024:5316" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2294676", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294676" }, { "category": "external", "summary": "2294677", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294677" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_5316.json" } ], "title": "Red Hat Security Advisory: krb5 security update", "tracking": { "current_release_date": "2024-12-18T03:35:38+00:00", "generator": { "date": "2024-12-18T03:35:38+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2024:5316", "initial_release_date": "2024-08-13T15:43:49+00:00", "revision_history": [ { "date": "2024-08-13T15:43:49+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-08-13T15:43:49+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-18T03:35:38+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Server AUS (v. 7.7)", "product": { "name": "Red Hat Enterprise Linux Server AUS (v. 
7.7)", "product_id": "7Server-7.7.AUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_aus:7.7::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "krb5-0:1.15.1-37.el7_7.4.src", "product": { "name": "krb5-0:1.15.1-37.el7_7.4.src", "product_id": "krb5-0:1.15.1-37.el7_7.4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/krb5@1.15.1-37.el7_7.4?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "krb5-devel-0:1.15.1-37.el7_7.4.x86_64", "product": { "name": "krb5-devel-0:1.15.1-37.el7_7.4.x86_64", "product_id": "krb5-devel-0:1.15.1-37.el7_7.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/krb5-devel@1.15.1-37.el7_7.4?arch=x86_64" } } }, { "category": "product_version", "name": "krb5-libs-0:1.15.1-37.el7_7.4.x86_64", "product": { "name": "krb5-libs-0:1.15.1-37.el7_7.4.x86_64", "product_id": "krb5-libs-0:1.15.1-37.el7_7.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/krb5-libs@1.15.1-37.el7_7.4?arch=x86_64" } } }, { "category": "product_version", "name": "krb5-pkinit-0:1.15.1-37.el7_7.4.x86_64", "product": { "name": "krb5-pkinit-0:1.15.1-37.el7_7.4.x86_64", "product_id": "krb5-pkinit-0:1.15.1-37.el7_7.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/krb5-pkinit@1.15.1-37.el7_7.4?arch=x86_64" } } }, { "category": "product_version", "name": "krb5-server-0:1.15.1-37.el7_7.4.x86_64", "product": { "name": "krb5-server-0:1.15.1-37.el7_7.4.x86_64", "product_id": "krb5-server-0:1.15.1-37.el7_7.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/krb5-server@1.15.1-37.el7_7.4?arch=x86_64" } } }, { "category": "product_version", "name": "krb5-server-ldap-0:1.15.1-37.el7_7.4.x86_64", "product": { "name": "krb5-server-ldap-0:1.15.1-37.el7_7.4.x86_64", "product_id": "krb5-server-ldap-0:1.15.1-37.el7_7.4.x86_64", 
"product_identification_helper": { "purl": "pkg:rpm/redhat/krb5-server-ldap@1.15.1-37.el7_7.4?arch=x86_64" } } }, { "category": "product_version", "name": "krb5-workstation-0:1.15.1-37.el7_7.4.x86_64", "product": { "name": "krb5-workstation-0:1.15.1-37.el7_7.4.x86_64", "product_id": "krb5-workstation-0:1.15.1-37.el7_7.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/krb5-workstation@1.15.1-37.el7_7.4?arch=x86_64" } } }, { "category": "product_version", "name": "libkadm5-0:1.15.1-37.el7_7.4.x86_64", "product": { "name": "libkadm5-0:1.15.1-37.el7_7.4.x86_64", "product_id": "libkadm5-0:1.15.1-37.el7_7.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libkadm5@1.15.1-37.el7_7.4?arch=x86_64" } } }, { "category": "product_version", "name": "krb5-debuginfo-0:1.15.1-37.el7_7.4.x86_64", "product": { "name": "krb5-debuginfo-0:1.15.1-37.el7_7.4.x86_64", "product_id": "krb5-debuginfo-0:1.15.1-37.el7_7.4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/krb5-debuginfo@1.15.1-37.el7_7.4?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "krb5-devel-0:1.15.1-37.el7_7.4.i686", "product": { "name": "krb5-devel-0:1.15.1-37.el7_7.4.i686", "product_id": "krb5-devel-0:1.15.1-37.el7_7.4.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/krb5-devel@1.15.1-37.el7_7.4?arch=i686" } } }, { "category": "product_version", "name": "krb5-libs-0:1.15.1-37.el7_7.4.i686", "product": { "name": "krb5-libs-0:1.15.1-37.el7_7.4.i686", "product_id": "krb5-libs-0:1.15.1-37.el7_7.4.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/krb5-libs@1.15.1-37.el7_7.4?arch=i686" } } }, { "category": "product_version", "name": "libkadm5-0:1.15.1-37.el7_7.4.i686", "product": { "name": "libkadm5-0:1.15.1-37.el7_7.4.i686", "product_id": "libkadm5-0:1.15.1-37.el7_7.4.i686", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/libkadm5@1.15.1-37.el7_7.4?arch=i686" } } }, { "category": "product_version", "name": "krb5-debuginfo-0:1.15.1-37.el7_7.4.i686", "product": { "name": "krb5-debuginfo-0:1.15.1-37.el7_7.4.i686", "product_id": "krb5-debuginfo-0:1.15.1-37.el7_7.4.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/krb5-debuginfo@1.15.1-37.el7_7.4?arch=i686" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "krb5-0:1.15.1-37.el7_7.4.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)", "product_id": "7Server-7.7.AUS:krb5-0:1.15.1-37.el7_7.4.src" }, "product_reference": "krb5-0:1.15.1-37.el7_7.4.src", "relates_to_product_reference": "7Server-7.7.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "krb5-debuginfo-0:1.15.1-37.el7_7.4.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)", "product_id": "7Server-7.7.AUS:krb5-debuginfo-0:1.15.1-37.el7_7.4.i686" }, "product_reference": "krb5-debuginfo-0:1.15.1-37.el7_7.4.i686", "relates_to_product_reference": "7Server-7.7.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "krb5-debuginfo-0:1.15.1-37.el7_7.4.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)", "product_id": "7Server-7.7.AUS:krb5-debuginfo-0:1.15.1-37.el7_7.4.x86_64" }, "product_reference": "krb5-debuginfo-0:1.15.1-37.el7_7.4.x86_64", "relates_to_product_reference": "7Server-7.7.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "krb5-devel-0:1.15.1-37.el7_7.4.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 
7.7)", "product_id": "7Server-7.7.AUS:krb5-devel-0:1.15.1-37.el7_7.4.i686" }, "product_reference": "krb5-devel-0:1.15.1-37.el7_7.4.i686", "relates_to_product_reference": "7Server-7.7.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "krb5-devel-0:1.15.1-37.el7_7.4.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)", "product_id": "7Server-7.7.AUS:krb5-devel-0:1.15.1-37.el7_7.4.x86_64" }, "product_reference": "krb5-devel-0:1.15.1-37.el7_7.4.x86_64", "relates_to_product_reference": "7Server-7.7.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "krb5-libs-0:1.15.1-37.el7_7.4.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)", "product_id": "7Server-7.7.AUS:krb5-libs-0:1.15.1-37.el7_7.4.i686" }, "product_reference": "krb5-libs-0:1.15.1-37.el7_7.4.i686", "relates_to_product_reference": "7Server-7.7.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "krb5-libs-0:1.15.1-37.el7_7.4.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)", "product_id": "7Server-7.7.AUS:krb5-libs-0:1.15.1-37.el7_7.4.x86_64" }, "product_reference": "krb5-libs-0:1.15.1-37.el7_7.4.x86_64", "relates_to_product_reference": "7Server-7.7.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "krb5-pkinit-0:1.15.1-37.el7_7.4.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)", "product_id": "7Server-7.7.AUS:krb5-pkinit-0:1.15.1-37.el7_7.4.x86_64" }, "product_reference": "krb5-pkinit-0:1.15.1-37.el7_7.4.x86_64", "relates_to_product_reference": "7Server-7.7.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "krb5-server-0:1.15.1-37.el7_7.4.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 
7.7)", "product_id": "7Server-7.7.AUS:krb5-server-0:1.15.1-37.el7_7.4.x86_64" }, "product_reference": "krb5-server-0:1.15.1-37.el7_7.4.x86_64", "relates_to_product_reference": "7Server-7.7.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "krb5-server-ldap-0:1.15.1-37.el7_7.4.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)", "product_id": "7Server-7.7.AUS:krb5-server-ldap-0:1.15.1-37.el7_7.4.x86_64" }, "product_reference": "krb5-server-ldap-0:1.15.1-37.el7_7.4.x86_64", "relates_to_product_reference": "7Server-7.7.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "krb5-workstation-0:1.15.1-37.el7_7.4.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)", "product_id": "7Server-7.7.AUS:krb5-workstation-0:1.15.1-37.el7_7.4.x86_64" }, "product_reference": "krb5-workstation-0:1.15.1-37.el7_7.4.x86_64", "relates_to_product_reference": "7Server-7.7.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "libkadm5-0:1.15.1-37.el7_7.4.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)", "product_id": "7Server-7.7.AUS:libkadm5-0:1.15.1-37.el7_7.4.i686" }, "product_reference": "libkadm5-0:1.15.1-37.el7_7.4.i686", "relates_to_product_reference": "7Server-7.7.AUS" }, { "category": "default_component_of", "full_product_name": { "name": "libkadm5-0:1.15.1-37.el7_7.4.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 
7.7)", "product_id": "7Server-7.7.AUS:libkadm5-0:1.15.1-37.el7_7.4.x86_64" }, "product_reference": "libkadm5-0:1.15.1-37.el7_7.4.x86_64", "relates_to_product_reference": "7Server-7.7.AUS" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-37370", "discovery_date": "2024-06-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2294677" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "title": "Vulnerability description" }, { "category": "summary", "text": "krb5: GSS message token handling", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability has the ability to disrupt the authentication process: attackers able to alter the token data during transmission can cause a disruption in service, and an attacker can void the integrity of the authentication process by altering the token during transmission. 
This has been rated as moderate by Red Hat because the vulnerability cannot be exploited in a way that leads to a loss of availability or integrity; while in transmission, the token count field can be changed, making the token appear truncated.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.7.AUS:krb5-0:1.15.1-37.el7_7.4.src", "7Server-7.7.AUS:krb5-debuginfo-0:1.15.1-37.el7_7.4.i686", "7Server-7.7.AUS:krb5-debuginfo-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-devel-0:1.15.1-37.el7_7.4.i686", "7Server-7.7.AUS:krb5-devel-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-libs-0:1.15.1-37.el7_7.4.i686", "7Server-7.7.AUS:krb5-libs-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-pkinit-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-server-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-server-ldap-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-workstation-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:libkadm5-0:1.15.1-37.el7_7.4.i686", "7Server-7.7.AUS:libkadm5-0:1.15.1-37.el7_7.4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-37370" }, { "category": "external", "summary": "RHBZ#2294677", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294677" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-37370", "url": "https://www.cve.org/CVERecord?id=CVE-2024-37370" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-37370", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37370" }, { "category": "external", "summary": "https://web.mit.edu/kerberos/www/krb5-1.21/", "url": "https://web.mit.edu/kerberos/www/krb5-1.21/" } 
], "release_date": "2024-06-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-08-13T15:43:49+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-7.7.AUS:krb5-0:1.15.1-37.el7_7.4.src", "7Server-7.7.AUS:krb5-debuginfo-0:1.15.1-37.el7_7.4.i686", "7Server-7.7.AUS:krb5-debuginfo-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-devel-0:1.15.1-37.el7_7.4.i686", "7Server-7.7.AUS:krb5-devel-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-libs-0:1.15.1-37.el7_7.4.i686", "7Server-7.7.AUS:krb5-libs-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-pkinit-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-server-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-server-ldap-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-workstation-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:libkadm5-0:1.15.1-37.el7_7.4.i686", "7Server-7.7.AUS:libkadm5-0:1.15.1-37.el7_7.4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:5316" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "7Server-7.7.AUS:krb5-0:1.15.1-37.el7_7.4.src", "7Server-7.7.AUS:krb5-debuginfo-0:1.15.1-37.el7_7.4.i686", "7Server-7.7.AUS:krb5-debuginfo-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-devel-0:1.15.1-37.el7_7.4.i686", "7Server-7.7.AUS:krb5-devel-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-libs-0:1.15.1-37.el7_7.4.i686", "7Server-7.7.AUS:krb5-libs-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-pkinit-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-server-0:1.15.1-37.el7_7.4.x86_64", 
"7Server-7.7.AUS:krb5-server-ldap-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-workstation-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:libkadm5-0:1.15.1-37.el7_7.4.i686", "7Server-7.7.AUS:libkadm5-0:1.15.1-37.el7_7.4.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-7.7.AUS:krb5-0:1.15.1-37.el7_7.4.src", "7Server-7.7.AUS:krb5-debuginfo-0:1.15.1-37.el7_7.4.i686", "7Server-7.7.AUS:krb5-debuginfo-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-devel-0:1.15.1-37.el7_7.4.i686", "7Server-7.7.AUS:krb5-devel-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-libs-0:1.15.1-37.el7_7.4.i686", "7Server-7.7.AUS:krb5-libs-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-pkinit-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-server-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-server-ldap-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-workstation-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:libkadm5-0:1.15.1-37.el7_7.4.i686", "7Server-7.7.AUS:libkadm5-0:1.15.1-37.el7_7.4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "krb5: GSS message token handling" }, { "cve": "CVE-2024-37371", "discovery_date": "2024-06-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2294676" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of 
authentication tokens.", "title": "Vulnerability description" }, { "category": "summary", "text": "krb5: GSS message token handling", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue is classified as a moderate severity vulnerability because, while it allows an attacker to modify the plaintext \"Extra Count\" field of a GSS krb5 wrap token, the impact is primarily limited to token truncation at the application layer. This truncation can disrupt services but does not directly lead to a full compromise of confidentiality or integrity. The attack requires that the attacker already has access to a valid token transmission to modify, meaning it cannot be exploited remotely without first obtaining or intercepting a valid token.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.7.AUS:krb5-0:1.15.1-37.el7_7.4.src", "7Server-7.7.AUS:krb5-debuginfo-0:1.15.1-37.el7_7.4.i686", "7Server-7.7.AUS:krb5-debuginfo-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-devel-0:1.15.1-37.el7_7.4.i686", "7Server-7.7.AUS:krb5-devel-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-libs-0:1.15.1-37.el7_7.4.i686", "7Server-7.7.AUS:krb5-libs-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-pkinit-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-server-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-server-ldap-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-workstation-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:libkadm5-0:1.15.1-37.el7_7.4.i686", "7Server-7.7.AUS:libkadm5-0:1.15.1-37.el7_7.4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-37371" }, { "category": "external", 
"summary": "RHBZ#2294676", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294676" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-37371", "url": "https://www.cve.org/CVERecord?id=CVE-2024-37371" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-37371", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37371" }, { "category": "external", "summary": "https://web.mit.edu/kerberos/www/krb5-1.21/", "url": "https://web.mit.edu/kerberos/www/krb5-1.21/" } ], "release_date": "2024-06-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-08-13T15:43:49+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-7.7.AUS:krb5-0:1.15.1-37.el7_7.4.src", "7Server-7.7.AUS:krb5-debuginfo-0:1.15.1-37.el7_7.4.i686", "7Server-7.7.AUS:krb5-debuginfo-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-devel-0:1.15.1-37.el7_7.4.i686", "7Server-7.7.AUS:krb5-devel-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-libs-0:1.15.1-37.el7_7.4.i686", "7Server-7.7.AUS:krb5-libs-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-pkinit-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-server-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-server-ldap-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-workstation-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:libkadm5-0:1.15.1-37.el7_7.4.i686", "7Server-7.7.AUS:libkadm5-0:1.15.1-37.el7_7.4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:5316" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ 
"7Server-7.7.AUS:krb5-0:1.15.1-37.el7_7.4.src", "7Server-7.7.AUS:krb5-debuginfo-0:1.15.1-37.el7_7.4.i686", "7Server-7.7.AUS:krb5-debuginfo-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-devel-0:1.15.1-37.el7_7.4.i686", "7Server-7.7.AUS:krb5-devel-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-libs-0:1.15.1-37.el7_7.4.i686", "7Server-7.7.AUS:krb5-libs-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-pkinit-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-server-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-server-ldap-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-workstation-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:libkadm5-0:1.15.1-37.el7_7.4.i686", "7Server-7.7.AUS:libkadm5-0:1.15.1-37.el7_7.4.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-7.7.AUS:krb5-0:1.15.1-37.el7_7.4.src", "7Server-7.7.AUS:krb5-debuginfo-0:1.15.1-37.el7_7.4.i686", "7Server-7.7.AUS:krb5-debuginfo-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-devel-0:1.15.1-37.el7_7.4.i686", "7Server-7.7.AUS:krb5-devel-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-libs-0:1.15.1-37.el7_7.4.i686", "7Server-7.7.AUS:krb5-libs-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-pkinit-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-server-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-server-ldap-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:krb5-workstation-0:1.15.1-37.el7_7.4.x86_64", "7Server-7.7.AUS:libkadm5-0:1.15.1-37.el7_7.4.i686", "7Server-7.7.AUS:libkadm5-0:1.15.1-37.el7_7.4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "krb5: GSS message token handling" } ] }
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.