Bug 2359465 (CVE-2025-3576) - CVE-2025-3576 krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions
Keywords:
Status: NEW
Alias: CVE-2025-3576
Deadline: 2025-04-14
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2359672 2359673 2359705
Blocks:
Reported: 2025-04-14 11:06 UTC by OSIDB Bzimport
Modified: 2025-10-10 15:04 UTC (History)
CC: 23 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:




Links

System                  ID               Private  Priority  Status  Summary  Last Updated
Red Hat Product Errata  RHBA-2025:11308  0        None      None    None     2025-07-16 08:17:00 UTC
Red Hat Product Errata  RHBA-2025:11330  0        None      None    None     2025-07-16 14:24:13 UTC
Red Hat Product Errata  RHBA-2025:11703  0        None      None    None     2025-07-24 10:23:11 UTC
Red Hat Product Errata  RHBA-2025:11704  0        None      None    None     2025-07-24 10:23:34 UTC
Red Hat Product Errata  RHBA-2025:8440   0        None      None    None     2025-06-03 14:14:13 UTC
Red Hat Product Errata  RHBA-2025:8515   0        None      None    None     2025-06-04 13:38:04 UTC
Red Hat Product Errata  RHBA-2025:8612   0        None      None    None     2025-06-05 18:20:29 UTC
Red Hat Product Errata  RHBA-2025:8613   0        None      None    None     2025-06-05 18:23:14 UTC
Red Hat Product Errata  RHBA-2025:8617   0        None      None    None     2025-06-05 19:41:27 UTC
Red Hat Product Errata  RHBA-2025:8790   0        None      None    None     2025-06-10 19:56:21 UTC
Red Hat Product Errata  RHBA-2025:9009   0        None      None    None     2025-06-12 09:15:27 UTC
Red Hat Product Errata  RHSA-2025:13664  0        None      None    None     2025-08-12 01:00:09 UTC
Red Hat Product Errata  RHSA-2025:13777  0        None      None    None     2025-08-13 04:58:06 UTC
Red Hat Product Errata  RHSA-2025:15000  0        None      None    None     2025-09-02 02:57:47 UTC
Red Hat Product Errata  RHSA-2025:15001  0        None      None    None     2025-09-02 04:07:49 UTC
Red Hat Product Errata  RHSA-2025:15002  0        None      None    None     2025-09-02 02:57:58 UTC
Red Hat Product Errata  RHSA-2025:15003  0        None      None    None     2025-09-02 02:56:05 UTC
Red Hat Product Errata  RHSA-2025:15004  0        None      None    None     2025-09-02 03:52:49 UTC
Red Hat Product Errata  RHSA-2025:8411   0        None      None    None     2025-06-03 01:22:22 UTC
Red Hat Product Errata  RHSA-2025:9418   0        None      None    None     2025-06-24 00:36:21 UTC
Red Hat Product Errata  RHSA-2025:9430   0        None      None    None     2025-06-24 08:18:05 UTC

Description OSIDB Bzimport 2025-04-14 11:06:28 UTC
Under specific configurations where RC4-HMAC-MD5 is negotiated for GSSAPI-secured communication, attackers can sniff messages and use MD5 collision techniques to craft altered messages that retain the same MIC (Message Integrity Code). The vulnerable checksum function from RFC 4757 allows this due to its flawed use of MD5. The attack relies on RC4 being chosen over stronger encryption options and presumes attacker access to the network traffic.
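To see why the RFC 4757 checksum inherits MD5's collision weakness, here is that checksum construction written out as an added illustration (this is not krb5's code and not part of the bug report); the key, message type and message bytes used are constructed sample values. The point it makes visible is that the keyed HMAC layer only ever sees the 16-byte unkeyed MD5 of the message, so two messages with the same MD5 digest necessarily carry the same MIC.

```python
import hashlib
import hmac

# Added illustration of the RFC 4757 section 4 checksum used by the
# rc4-hmac (RC4-HMAC-MD5) enctype; not code from krb5 or from this report.
SIGNATURE_LABEL = b"signaturekey\x00"   # label per RFC 4757, trailing NUL included


def signing_key(key: bytes) -> bytes:
    """Ksign = HMAC-MD5(K, "signaturekey\\0")."""
    return hmac.new(key, SIGNATURE_LABEL, hashlib.md5).digest()


def inner_digest(msgtype: int, data: bytes) -> bytes:
    """tmp = MD5(T || data): an UNKEYED hash of the message, T as LE uint32."""
    return hashlib.md5(msgtype.to_bytes(4, "little") + data).digest()


def rc4_hmac_checksum(key: bytes, msgtype: int, data: bytes) -> bytes:
    """CHKSUM(K, T, data) = HMAC-MD5(Ksign, MD5(T || data))."""
    return hmac.new(signing_key(key), inner_digest(msgtype, data), hashlib.md5).digest()


def checksum_of_digest(key: bytes, digest: bytes) -> bytes:
    """The keyed layer on its own. Everything the key protects is the 16-byte
    digest, so any two messages with equal MD5(T || data) get an identical
    checksum: a public MD5 collision transfers directly to the MIC. A MAC that
    keys the hash over the data itself (plain HMAC over data) has no such
    unkeyed bottleneck."""
    return hmac.new(signing_key(key), digest, hashlib.md5).digest()


def verify_checksum(key: bytes, msgtype: int, data: bytes, expected: bytes) -> bool:
    """Constant-time comparison of a received checksum against a recomputed one."""
    return hmac.compare_digest(rc4_hmac_checksum(key, msgtype, data), expected)


if __name__ == "__main__":
    # Constructed sample values (not from any real session).
    key = bytes(range(16))
    mic = rc4_hmac_checksum(key, 15, b"GET /resource")
    print(mic.hex())
    # The MIC is a function of the key and the unkeyed digest only:
    print(mic == checksum_of_digest(key, inner_digest(15, b"GET /resource")))
```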

Comment 3 errata-xmlrpc 2025-06-03 01:22:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:8411 https://access.redhat.com/errata/RHSA-2025:8411

Comment 25 errata-xmlrpc 2025-06-24 00:36:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:9418 https://access.redhat.com/errata/RHSA-2025:9418

Comment 26 errata-xmlrpc 2025-06-24 08:18:02 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:9430 https://access.redhat.com/errata/RHSA-2025:9430

Comment 49 errata-xmlrpc 2025-08-12 01:00:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:13664 https://access.redhat.com/errata/RHSA-2025:13664

Comment 51 errata-xmlrpc 2025-08-13 04:58:04 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:13777 https://access.redhat.com/errata/RHSA-2025:13777

Comment 57 errata-xmlrpc 2025-09-02 02:56:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2025:15003 https://access.redhat.com/errata/RHSA-2025:15003

Comment 58 errata-xmlrpc 2025-09-02 02:57:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:15000 https://access.redhat.com/errata/RHSA-2025:15000

Comment 59 errata-xmlrpc 2025-09-02 02:57:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:15002 https://access.redhat.com/errata/RHSA-2025:15002

Comment 60 errata-xmlrpc 2025-09-02 03:52:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2025:15004 https://access.redhat.com/errata/RHSA-2025:15004

Comment 61 errata-xmlrpc 2025-09-02 04:07:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:15001 https://access.redhat.com/errata/RHSA-2025:15001
