Bug 2165827

Summary: CVE-2022-37967: MS-PAC extended KDC signature [rhel-9]
Product: Red Hat Enterprise Linux 9
Reporter: Julien Rische <jrische>
Component: krb5
Assignee: Julien Rische <jrische>
Status: CLOSED ERRATA
QA Contact: Filip Dvorak <fdvorak>
Severity: unspecified
Docs Contact: Filip Hanzelka <fhanzelk>
Priority: unspecified
Version: 9.2
CC: fdvorak, fhanzelk, gfialova
Target Milestone: rc
Keywords: Triaged
Target Release: ---
Flags: pm-rhel: mirror+
Hardware: Unspecified
OS: Unspecified
Fixed In Version: krb5-1.20.1-6.el9
Doc Type: Enhancement
Doc Text:
.MIT Kerberos supports the Ticket and Extended KDC MS-PAC signatures

With this update, MIT Kerberos, which is used by Red Hat, implements support for two types of the Privilege Attribute Certificate (PAC) signatures introduced by Microsoft in response to recent CVEs. Specifically, the following signatures are supported:

* Ticket signature
** Released in link:https://support.microsoft.com/en-au/topic/kb4598347-managing-deployment-of-kerberos-s4u-changes-for-cve-2020-17049-569d60b7-3267-e2b0-7d9b-e46d770332ab[KB4598347]
** Addressing link:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17049[CVE-2020-17049], also known as the "Bronze-Bit" attack
* Extended KDC signature
** Released in link:https://support.microsoft.com/en-us/topic/kb5020805-how-to-manage-kerberos-protocol-changes-related-to-cve-2022-37967-997e9acc-67c5-48e1-8d0d-190269bf4efb[KB5020805]
** Addressing link:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37967[CVE-2022-37967]

See also link:https://access.redhat.com/errata/RHSA-2023:2570[RHSA-2023:2570] and `krb5-1.20.1-6.el9`.

Story Points: ---
Clone Of:
: 2166001 2169477
Last Closed: 2023-05-09 08:25:24 UTC
Type: Bug
Bug Blocks: 2166001, 2169477, 2182135

Description Julien Rische 2023-01-31 08:49:07 UTC
A paper by Tom Tervoort[1] noted that computing the PAC privsvr checksum over only the server checksum is vulnerable to collision attacks. In response, Microsoft has added a second KDC checksum over the full contents of the PAC[2].

This change will be required for PAC signatures to be accepted by AD from 2023-07-11[3].

[1] https://i.blackhat.com/EU-22/Thursday-Briefings/EU-22-Tervoort-Breaking-Kerberos-RC4-Cipher-and-Spoofing-Windows-PACs-wp.pdf
[2] https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-PAC/%5bMS-PAC%5d-20221212-diff.pdf
[3] https://support.microsoft.com/en-us/topic/kb5020805-how-to-manage-kerberos-protocol-changes-related-to-cve-2022-37967-997e9acc-67c5-48e1-8d0d-190269bf4efb
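The description above states the design change in one sentence: the legacy KDC ("privsvr") checksum covers only the server checksum bytes, so it commits to the PAC body only indirectly, while the extended KDC checksum covers the whole PAC. The following is an added model of both schemes and of the verifier logic a consumer would run; it is not krb5's or Microsoft's code. It assumes a simplified PAC layout (a body plus length-prefixed signature buffers) and uses HMAC-SHA256 as a stand-in for the Kerberos checksum types the real PAC uses; the "collision" in the last function is assumed by copying a server signature between two PACs, not computed.

```python
"""Model of MS-PAC signature binding: legacy KDC checksum vs. extended KDC checksum.
Added example; simplified layout and HMAC-SHA256 stand-in are assumptions."""
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Optional

SIG_LEN = 32                 # HMAC-SHA256 digest length (stand-in for real checksum types)
ZERO_SIG = b"\x00" * SIG_LEN


@dataclass
class Pac:
    logon_info: bytes                     # PAC body (constructed sample data)
    server_sig: bytes = ZERO_SIG          # service key over the PAC body
    kdc_sig: bytes = ZERO_SIG             # legacy: krbtgt key over server_sig only
    full_sig: Optional[bytes] = None      # extended KDC signature; absent on older PACs


def encode(pac: Pac, zero_sigs: bool) -> bytes:
    """Serialize the PAC as length-prefixed buffers. Checksums are computed with
    every signature field present but zeroed, which zero_sigs=True produces."""
    parts = [pac.logon_info, pac.server_sig, pac.kdc_sig]
    if pac.full_sig is not None:
        parts.append(pac.full_sig)
    if zero_sigs:
        parts = [parts[0]] + [ZERO_SIG] * (len(parts) - 1)
    return b"".join(struct.pack(">I", len(p)) + p for p in parts)


def checksum(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def server_checksum(pac: Pac, server_key: bytes) -> bytes:
    return checksum(server_key, encode(pac, zero_sigs=True))


def legacy_kdc_checksum(pac: Pac, kdc_key: bytes) -> bytes:
    # Legacy privsvr checksum: input is only the server signature bytes.
    return checksum(kdc_key, pac.server_sig)


def extended_kdc_checksum(pac: Pac, kdc_key: bytes) -> bytes:
    # Extended KDC checksum: input is the whole PAC with signature fields zeroed.
    return checksum(kdc_key, encode(pac, zero_sigs=True))


def sign_pac(pac: Pac, server_key: bytes, kdc_key: bytes, extended: bool = True) -> Pac:
    if extended:
        pac.full_sig = ZERO_SIG           # buffer must exist before checksums are computed
    pac.server_sig = server_checksum(pac, server_key)
    pac.kdc_sig = legacy_kdc_checksum(pac, kdc_key)
    if extended:
        pac.full_sig = extended_kdc_checksum(pac, kdc_key)
    return pac


def verify_pac(pac: Pac, server_key: bytes, kdc_key: bytes, require_extended: bool = True) -> str:
    """Return 'ok' or the reason for rejection. Only a party holding the krbtgt key
    (the KDC) can check the KDC checksums; a service checks server_sig alone."""
    if not hmac.compare_digest(pac.server_sig, server_checksum(pac, server_key)):
        return "server checksum mismatch"
    if not hmac.compare_digest(pac.kdc_sig, legacy_kdc_checksum(pac, kdc_key)):
        return "kdc checksum mismatch"
    if pac.full_sig is None:
        # After enforcement, a PAC without the extended signature must be rejected.
        return "missing extended kdc checksum" if require_extended else "ok (legacy)"
    if not hmac.compare_digest(pac.full_sig, extended_kdc_checksum(pac, kdc_key)):
        return "extended kdc checksum mismatch"
    return "ok"


def kdc_checksums_bind_body(kdc_key: bytes) -> dict:
    """Two PACs with different bodies but the same server_sig value (a colliding
    server checksum is assumed here by copying the field, not computed) get an
    identical legacy KDC checksum but different extended checksums: only the
    extended one commits the KDC to the PAC contents."""
    a = Pac(b"user=alice;groups=513", full_sig=ZERO_SIG)
    b = Pac(b"user=alice;groups=513,1104", full_sig=ZERO_SIG)   # different group list
    a.server_sig = b.server_sig = b"\x42" * SIG_LEN               # assumed collision
    return {
        "legacy_same": legacy_kdc_checksum(a, kdc_key) == legacy_kdc_checksum(b, kdc_key),
        "extended_same": extended_kdc_checksum(a, kdc_key) == extended_kdc_checksum(b, kdc_key),
    }


if __name__ == "__main__":
    sk, kk = b"service-key (constructed)", b"krbtgt-key (constructed)"
    pac = sign_pac(Pac(b"user=alice;groups=513"), sk, kk)
    print(verify_pac(pac, sk, kk))                      # ok
    old = sign_pac(Pac(b"user=alice;groups=513"), sk, kk, extended=False)
    print(verify_pac(old, sk, kk))                      # missing extended kdc checksum
    print(kdc_checksums_bind_body(kk))                  # legacy_same True, extended_same False
```

The `require_extended` flag models the enforcement switch: before the enforcement date a verifier can still accept PACs that carry only the two legacy signatures, afterwards it must treat a missing extended KDC signature as a rejection, not as a downgrade.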

Comment 1 Julien Rische 2023-01-31 08:50:37 UTC
The fix is available upstream:
https://github.com/krb5/krb5/pull/1284

Comment 9 errata-xmlrpc 2023-05-09 08:25:24 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: krb5 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:2570