Bug 2359465 (CVE-2025-3576)
| Field | Value |
|---|---|
| Summary | CVE-2025-3576 krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions |
| Product | [Other] Security Response |
| Reporter | OSIDB Bzimport <bzimport> |
| Component | vulnerability |
| Assignee | Product Security DevOps Team <prodsec-dev> |
| Status | NEW --- |
| QA Contact | |
| Severity | medium |
| Docs Contact | |
| Priority | medium |
| Version | unspecified |
| CC | abokovoy, brking, davidn, haoli, hkataria, jajackso, jcammara, jmitchel, jneedle, jrische, kegrant, koliveir, kshier, mabashia, pbraun, security-response-team, shvarugh, simaishi, smcdonal, stcannon, teagle, tfister, thavo, yguenane |
| Target Milestone | --- |
| Keywords | Security |
| Target Release | --- |
| Hardware | All |
| OS | Linux |
| Whiteboard | |
| Fixed In Version | |
| Doc Type | --- |
| Doc Text | A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed because of a weakness in the design of the RC4-HMAC-MD5 checksum: as specified in RFC 4757, the checksum is HMAC-MD5 applied to an unkeyed MD5 digest of the message, so its collision resistance is no better than that of MD5. If RC4 is preferred over stronger encryption types, an attacker who can produce MD5 collisions could forge message integrity codes, leading to unauthorized message tampering. |
| Story Points | --- |
| Clone Of | |
| Environment | |
| Last Closed | |
| Type | --- |
| Regression | --- |
| Mount Type | --- |
| Documentation | --- |
| CRM | |
| Verified Versions | |
| Category | --- |
| oVirt Team | --- |
| RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- |
| Target Upstream Version | |
| Embargoed | |
| Bug Depends On | 2359672, 2359673, 2359705 |
| Bug Blocks | |
| Deadline | 2025-04-14 |
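The Doc Text says the RC4-HMAC-MD5 checksum is only as collision resistant as MD5. The following is an added example, not code from the krb5 project or from this bug, that writes out the RFC 4757 checksum construction so the reason is visible: the session key is applied only to an unkeyed MD5 digest of the key-usage-prefixed message, so anyone who can produce two messages with the same MD5 under that prefix gets identical checksums under every key. The 16-byte key and the message are constructed for the demo; the Wang et al. pair is a public MD5 collision vector included to show what the attacker's precomputation step produces; the key usage value 15 is the MIC usage given in RFC 4757 section 7.3 and only matters for the demo.

```python
"""RFC 4757 RC4-HMAC keyed checksum, written out to show why its collision
resistance collapses to that of unkeyed MD5 (added example, not krb5 code)."""
import hashlib
import hmac
import struct

# RFC 4757 section 4:  Ksign  = HMAC-MD5(K, "signaturekey\0")
#                      CHKSUM = HMAC-MD5(Ksign, MD5(T || data))
# where T is the 4-byte little-endian key usage number.
SIGNATURE_KEY_LABEL = b"signaturekey\x00"

# Key usage for a GSS MIC token under RC4-HMAC (RFC 4757 section 7.3: 15 for
# MIC, 13 for Wrap). The exact value does not affect the argument below.
KG_USAGE_SIGN = 15


def rc4_hmac_signing_key(key: bytes) -> bytes:
    """Derive Ksign from the 16-byte RC4-HMAC session key."""
    return hmac.new(key, SIGNATURE_KEY_LABEL, hashlib.md5).digest()


def inner_digest(key_usage: int, data: bytes) -> bytes:
    """The unkeyed step: MD5(T || data). No secret is involved here."""
    return hashlib.md5(struct.pack("<I", key_usage) + data).digest()


def rc4_hmac_checksum(key: bytes, key_usage: int, data: bytes) -> bytes:
    """Full RFC 4757 checksum: the key touches only the 16-byte inner digest."""
    ksign = rc4_hmac_signing_key(key)
    return hmac.new(ksign, inner_digest(key_usage, data), hashlib.md5).digest()


def checksum_from_inner(key: bytes, inner: bytes) -> bytes:
    """Outer keyed step alone: with a colliding inner digest, the message bytes
    are never needed again, which is the whole weakness."""
    return hmac.new(rc4_hmac_signing_key(key), inner, hashlib.md5).digest()


def verify(key: bytes, key_usage: int, data: bytes, checksum: bytes) -> bool:
    return hmac.compare_digest(rc4_hmac_checksum(key, key_usage, data), checksum)


def forged_message_verifies(key: bytes, key_usage: int, genuine: bytes, forged: bytes) -> bool:
    """Does `forged` pass verification against the checksum of `genuine`?
    By construction this is True exactly when inner_digest() collides, and it
    is the same answer for every key: one MD5 collision on T || data defeats
    all sessions at once."""
    return verify(key, key_usage, forged, rc4_hmac_checksum(key, key_usage, genuine))


def collision_transfers(key_usage: int, m1: bytes, m2: bytes, keys) -> bool:
    """Key-independence check: the verification outcome for (m1, m2) equals
    inner-digest equality under every key in `keys`."""
    same_inner = inner_digest(key_usage, m1) == inner_digest(key_usage, m2)
    return all(forged_message_verifies(k, key_usage, m1, m2) == same_inner for k in keys)


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


# Public MD5 collision pair from Wang et al. (2004): two 128-byte messages that
# differ in six bytes and share one MD5 digest. It shows what the attacker's
# precomputation produces. Because the checksum prefixes T to the data, an
# attack on Kerberos needs a collision computed with that 4-byte prefix
# (identical-prefix MD5 collision search accepts a chosen prefix), so this
# particular pair does not collide under inner_digest().
WANG_MD5_HEX = "79054025255fb1a26e4bc422aef54eb4"
WANG_A = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
WANG_B = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)


if __name__ == "__main__":
    key = bytes(range(16))  # constructed 16-byte session key
    data = b"GSS MIC over this application message"  # constructed message
    cs = rc4_hmac_checksum(key, KG_USAGE_SIGN, data)
    print("checksum:", cs.hex())
    print("MD5(WANG_A) == MD5(WANG_B):", md5_hex(WANG_A) == md5_hex(WANG_B))
    print("checksum reproducible from inner digest alone:",
          checksum_from_inner(key, inner_digest(KG_USAGE_SIGN, data)) == cs)
```

To check whether the page's precondition holds on a host, `klist -e` prints the encryption type of each cached ticket and session key; an `arcfour-hmac` entry means RC4 was negotiated. The remedy is to stop offering RC4 rather than to look for collisions: the AES enctypes (RFC 3962) compute their checksum as HMAC-SHA1 over the message itself under a derived key, so there is no unkeyed digest step for a collision to target.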
Description

OSIDB Bzimport, 2025-04-14 11:06:28 UTC:

This issue has been addressed in the following products: Red Hat Enterprise Linux 8 via RHSA-2025:8411 https://access.redhat.com/errata/RHSA-2025:8411