Bug 2294677 (CVE-2024-37370) - CVE-2024-37370 krb5: GSS message token handling
Summary: CVE-2024-37370 krb5: GSS message token handling
Keywords:
Status: NEW
Alias: CVE-2024-37370
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2294678
Blocks: 2294679
TreeView+ depends on / blocked
 
Reported: 2024-06-28 03:22 UTC by Patrick Del Bello
Modified: 2024-10-29 10:23 UTC (History)
33 users (show)

Fixed In Version:
Doc Type: ---
Doc Text:
A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2024:5414 0 None None None 2024-08-14 19:54:32 UTC
Red Hat Product Errata RHBA-2024:5415 0 None None None 2024-08-14 20:59:06 UTC
Red Hat Product Errata RHBA-2024:5452 0 None None None 2024-08-15 08:06:27 UTC
Red Hat Product Errata RHBA-2024:5461 0 None None None 2024-08-15 12:49:46 UTC
Red Hat Product Errata RHBA-2024:5472 0 None None None 2024-08-15 18:36:50 UTC
Red Hat Product Errata RHBA-2024:5518 0 None None None 2024-08-19 00:42:36 UTC
Red Hat Product Errata RHBA-2024:5536 0 None None None 2024-08-19 06:09:44 UTC
Red Hat Product Errata RHBA-2024:5595 0 None None None 2024-08-20 09:04:05 UTC
Red Hat Product Errata RHBA-2024:5606 0 None None None 2024-08-20 10:59:37 UTC
Red Hat Product Errata RHBA-2024:5610 0 None None None 2024-08-20 13:02:41 UTC
Red Hat Product Errata RHBA-2024:5661 0 None None None 2024-08-20 19:38:13 UTC
Red Hat Product Errata RHBA-2024:5703 0 None None None 2024-08-21 12:14:24 UTC
Red Hat Product Errata RHBA-2024:5879 0 None None None 2024-08-27 01:40:02 UTC
Red Hat Product Errata RHBA-2024:6149 0 None None None 2024-09-03 01:49:32 UTC
Red Hat Product Errata RHBA-2024:6261 0 None None None 2024-09-03 22:11:30 UTC
Red Hat Product Errata RHBA-2024:6262 0 None None None 2024-09-03 22:11:47 UTC
Red Hat Product Errata RHBA-2024:6266 0 None None None 2024-09-03 23:40:45 UTC
Red Hat Product Errata RHBA-2024:6307 0 None None None 2024-09-04 10:55:32 UTC
Red Hat Product Errata RHBA-2024:6516 0 None None None 2024-09-09 20:22:59 UTC
Red Hat Product Errata RHBA-2024:6517 0 None None None 2024-09-09 20:43:02 UTC
Red Hat Product Errata RHBA-2024:6601 0 None None None 2024-09-11 14:14:22 UTC
Red Hat Product Errata RHBA-2024:6650 0 None None None 2024-09-12 14:28:36 UTC
Red Hat Product Errata RHBA-2024:6651 0 None None None 2024-09-12 14:38:01 UTC
Red Hat Product Errata RHBA-2024:6676 0 None None None 2024-09-16 05:51:20 UTC
Red Hat Product Errata RHBA-2024:6807 0 None None None 2024-09-19 02:59:23 UTC
Red Hat Product Errata RHSA-2024:4734 0 None None None 2024-07-23 14:55:06 UTC
Red Hat Product Errata RHSA-2024:4743 0 None None None 2024-07-23 15:27:56 UTC
Red Hat Product Errata RHSA-2024:5076 0 None None None 2024-08-07 10:16:33 UTC
Red Hat Product Errata RHSA-2024:5312 0 None None None 2024-08-13 15:27:43 UTC
Red Hat Product Errata RHSA-2024:5316 0 None None None 2024-08-13 15:39:58 UTC
Red Hat Product Errata RHSA-2024:5625 0 None None None 2024-08-20 15:49:54 UTC
Red Hat Product Errata RHSA-2024:5643 0 None None None 2024-08-20 16:08:17 UTC
Red Hat Product Errata RHSA-2024:5884 0 None None None 2024-08-27 07:42:29 UTC
Red Hat Product Errata RHSA-2024:6166 0 None None None 2024-09-03 16:40:37 UTC
Red Hat Product Errata RHSA-2024:7213 0 None None None 2024-09-26 13:28:40 UTC
Red Hat Product Errata RHSA-2024:7374 0 None None None 2024-09-30 10:26:22 UTC

Description Patrick Del Bello 2024-06-28 03:22:09 UTC
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.

Reference and upstream patch:
https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef

Comment 1 Patrick Del Bello 2024-06-28 03:27:49 UTC
Created krb5 tracking bugs for this issue:

Affects: fedora-all [bug 2294678]

Comment 6 errata-xmlrpc 2024-07-23 14:55:04 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:4734 https://access.redhat.com/errata/RHSA-2024:4734

Comment 7 errata-xmlrpc 2024-07-23 15:27:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:4743 https://access.redhat.com/errata/RHSA-2024:4743

Comment 8 errata-xmlrpc 2024-08-07 10:16:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2024:5076 https://access.redhat.com/errata/RHSA-2024:5076

Comment 9 errata-xmlrpc 2024-08-13 15:27:41 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:5312 https://access.redhat.com/errata/RHSA-2024:5312

Comment 10 errata-xmlrpc 2024-08-13 15:39:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Advanced Update Support

Via RHSA-2024:5316 https://access.redhat.com/errata/RHSA-2024:5316

Comment 11 errata-xmlrpc 2024-08-20 15:49:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2024:5625 https://access.redhat.com/errata/RHSA-2024:5625

Comment 12 errata-xmlrpc 2024-08-20 16:08:15 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:5643 https://access.redhat.com/errata/RHSA-2024:5643

Comment 13 errata-xmlrpc 2024-08-27 07:42:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2024:5884 https://access.redhat.com/errata/RHSA-2024:5884

Comment 14 errata-xmlrpc 2024-09-03 16:40:35 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:6166 https://access.redhat.com/errata/RHSA-2024:6166

Comment 15 errata-xmlrpc 2024-09-26 13:28:38 UTC
This issue has been addressed in the following products:

  Service Interconnect 1.4 for RHEL 9

Via RHSA-2024:7213 https://access.redhat.com/errata/RHSA-2024:7213

Comment 16 errata-xmlrpc 2024-09-30 10:26:19 UTC
This issue has been addressed in the following products:

  Service Interconnect 1 for RHEL 9

Via RHSA-2024:7374 https://access.redhat.com/errata/RHSA-2024:7374


Note You need to log in before you can comment on or make changes to this bug.