Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 1485510 - (CVE-2017-7562) CVE-2017-7562 krb5: Authentication bypass by improper validation of certificate EKU and SAN
CVE-2017-7562 krb5: Authentication bypass by improper validation of certifica...
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20170825,repor...
: Security
Depends On: 1498767
Blocks: 1485513 1498774
  Show dependency treegraph
 
Reported: 2017-08-25 18:00 EDT by Pedro Sampaio
Modified: 2018-10-19 17:42 EDT (History)
40 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
An authentication bypass flaw was found in the way krb5's certauth interface handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:0666 None None None 2018-04-10 04:03 EDT

  None (edit)
Description Pedro Sampaio 2017-08-25 18:00:29 EDT 
A flaw was found in krb5 certificate EKU validation which could lead to improper authorization if a forged certificate with the right EKU and no SAN is used.

The PKINIT certauth eku module should never authoritatively authorize
a certificate, because an extended key usage does not establish a
relationship between the certificate and any specific user; it only
establishes that the certificate was created for PKINIT client
authentication.

Upstream bug:

https://github.com/krb5/krb5/pull/694

Upstream patch:

https://github.com/krb5/krb5/pull/694/commits/50fe4074f188c2d4da0c421e96553acea8378db2
https://github.com/krb5/krb5/pull/694/commits/1de6ca2f2eb1fdbab51f1549a25a6903aefcc196
https://github.com/krb5/krb5/pull/694/commits/b7af544e50a4d8291524f590e20dd44430bf627d
Comment 7 errata-xmlrpc 2018-04-10 04:02:54 EDT 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:0666 https://access.redhat.com/errata/RHSA-2018:0666
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.