Bug 2294677 (CVE-2024-37370)
| Summary: | CVE-2024-37370 krb5: GSS message token handling | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Patrick Del Bello <pdelbell> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | CC: | abokovoy, adudiak, bdettelb, brking, crizzo, davidn, doconnor, epacific, haoli, hkataria, jajackso, jcammara, jhardy, jmitchel, jneedle, jobarker, jrische, jtanner, kegrant, koliveir, kshier, mabashia, omaciel, pbraun, shvarugh, simaishi, smcdonal, stcannon, teagle, tfister, thavo, yguenane, zsadeh |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | --- |
| Doc Text: | A vulnerability was found in MIT Kerberos 5 GSS krb5 wrap token handling. An attacker who alters token data in transit can modify the plaintext Extra Count (EC) field, causing the unwrapped token to appear truncated to the application, which can lead to improper handling of authentication tokens. | | |
| Story Points: | --- | | |
| Clone Of: | | Environment: | |
| Last Closed: | | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 2294678 | | |
| Bug Blocks: | 2294679 | | |
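The Doc Text refers to the Extra Count (EC) field of the RFC 4121 wrap token. The following Python is an added illustration, not krb5 code and not part of this bug record: it models the 16-byte wrap token header and the plaintext layout that RFC 4121 prescribes for a sealed token (application data, EC bytes of filler, then a copy of the header), and shows why an unwrap routine must compare the EC in the clear header against the EC in the decrypted header copy. A lenient unwrap that trusts the plaintext EC silently returns truncated data when EC is altered in transit; a strict unwrap rejects the token. Kerberos encryption and RRC rotation are left out (the code starts from the already-decrypted plaintext), and the sample message, sequence number and zero filler value are constructed for the demo.

```python
import struct

# RFC 4121 wrap token header: TOK_ID, Flags, Filler, EC, RRC, SND_SEQ
TOK_ID_WRAP = 0x0504
FLAG_SENT_BY_ACCEPTOR = 0x01
FLAG_SEALED = 0x02          # confidentiality-protected token
FLAG_ACCEPTOR_SUBKEY = 0x04
HEADER_LEN = 16
HEADER_FMT = ">HBBHHQ"      # big-endian: 2 + 1 + 1 + 2 + 2 + 8 = 16 bytes


def build_header(flags: int, ec: int, rrc: int, seq: int) -> bytes:
    """Serialize a wrap token header; the Filler octet is always 0xFF."""
    return struct.pack(HEADER_FMT, TOK_ID_WRAP, flags, 0xFF, ec, rrc, seq)


def parse_header(hdr: bytes) -> dict:
    """Parse and sanity-check the fixed 16-byte header."""
    if len(hdr) != HEADER_LEN:
        raise ValueError("wrap token header must be 16 bytes")
    tok_id, flags, filler, ec, rrc, seq = struct.unpack(HEADER_FMT, hdr)
    if tok_id != TOK_ID_WRAP or filler != 0xFF:
        raise ValueError("not a wrap token")
    return {"flags": flags, "ec": ec, "rrc": rrc, "seq": seq}


def build_sealed_plaintext(data: bytes, ec: int, flags: int, seq: int) -> bytes:
    """Plaintext that a sealed token encrypts: data | EC filler bytes | header copy.
    The filler value is arbitrary; zeros are a constructed choice here."""
    return data + b"\x00" * ec + build_header(flags, ec, 0, seq)


def unwrap_sealed(clear_hdr: bytes, decrypted: bytes, check_ec: bool = True) -> bytes:
    """Recover application data from the decrypted plaintext of a sealed token.

    clear_hdr is the header that travelled unencrypted; decrypted is the
    plaintext obtained after decrypting (and un-rotating) the token body.
    With check_ec=False the clear-header EC is trusted, which is the weakness
    this bug describes: an altered EC strips the wrong number of trailing bytes
    and the application sees a truncated message.
    """
    hdr = parse_header(clear_hdr)
    if len(decrypted) < HEADER_LEN + hdr["ec"]:
        raise ValueError("token too short for claimed EC")
    copy = parse_header(decrypted[-HEADER_LEN:])
    # Flags and sequence number must agree between the two headers.
    # RRC is not compared: rotation is undone before this point.
    if copy["flags"] != hdr["flags"] or copy["seq"] != hdr["seq"]:
        raise ValueError("encrypted header copy does not match clear header")
    if check_ec and copy["ec"] != hdr["ec"]:
        # The copy was protected by encryption, so it is the value to trust.
        raise ValueError("EC in clear header does not match encrypted copy")
    return decrypted[: len(decrypted) - HEADER_LEN - hdr["ec"]]


def demo() -> dict:
    """Constructed sample: honest unwrap, then the same plaintext with a
    tampered clear-header EC, unwrapped leniently and strictly."""
    data = b"transfer 100 to alice"   # constructed sample message
    ec, seq = 5, 7                    # constructed values
    clear_hdr = build_header(FLAG_SEALED, ec, 0, seq)
    plaintext = build_sealed_plaintext(data, ec, FLAG_SEALED, seq)
    tampered_hdr = build_header(FLAG_SEALED, 12, 0, seq)  # EC raised in transit
    result = {
        "honest": unwrap_sealed(clear_hdr, plaintext),
        "lenient_tampered": unwrap_sealed(tampered_hdr, plaintext, check_ec=False),
    }
    try:
        unwrap_sealed(tampered_hdr, plaintext)
        result["strict_tampered"] = "accepted"
    except ValueError as exc:
        result["strict_tampered"] = str(exc)
    return result


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The lenient path hands the application a message cut short by seven bytes with no error, which is the "appears truncated" outcome in the Doc Text; the strict path turns the same tampering into a rejected token, which is what a caller of GSS_Unwrap needs in order to fail closed.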
Description
Patrick Del Bello
2024-06-28 03:22:09 UTC
Created krb5 tracking bugs for this issue:

Affects: fedora-all [bug 2294678]

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:4734 https://access.redhat.com/errata/RHSA-2024:4734

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:4743 https://access.redhat.com/errata/RHSA-2024:4743

This issue has been addressed in the following products:

Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2024:5076 https://access.redhat.com/errata/RHSA-2024:5076

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8

Via RHSA-2024:5312 https://access.redhat.com/errata/RHSA-2024:5312

This issue has been addressed in the following products:

Red Hat Enterprise Linux 7.7 Advanced Update Support

Via RHSA-2024:5316 https://access.redhat.com/errata/RHSA-2024:5316

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2024:5625 https://access.redhat.com/errata/RHSA-2024:5625

This issue has been addressed in the following products:

Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:5643 https://access.redhat.com/errata/RHSA-2024:5643

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2024:5884 https://access.redhat.com/errata/RHSA-2024:5884

This issue has been addressed in the following products:

Red Hat Enterprise Linux 9

Via RHSA-2024:6166 https://access.redhat.com/errata/RHSA-2024:6166

This issue has been addressed in the following products:

Service Interconnect 1.4 for RHEL 9

Via RHSA-2024:7213 https://access.redhat.com/errata/RHSA-2024:7213

This issue has been addressed in the following products:

Service Interconnect 1 for RHEL 9

Via RHSA-2024:7374 https://access.redhat.com/errata/RHSA-2024:7374