Lucene search

K
redhatRedHatRHSA-2024:4734
HistoryJul 23, 2024 - 2:41 p.m.

(RHSA-2024:4734) Moderate: krb5 security update

2024-07-2314:41:35
access.redhat.com
9
kerberos
network authentication
security update

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score

7

Confidence

Low

EPSS

0.001

Percentile

37.7%

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).

Security Fix(es):

  • krb5: GSS message token handling (CVE-2024-37370)

  • krb5: GSS message token handling (CVE-2024-37371)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score

7

Confidence

Low

EPSS

0.001

Percentile

37.7%