History: Sep 03, 2024 - 5:29 a.m.

(RHSA-2024:6166) Moderate: krb5 security update

2024-09-03 05:29:23
access.redhat.com
network authentication
kerberos
security update
gss message token handling

CVSS3: 9.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score: 9.5
Confidence: High

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).

Security Fix(es):

  • krb5: GSS message token handling (CVE-2024-37371)

  • krb5: GSS message token handling (CVE-2024-37370)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected configurations

redhat krb5-0 Range 1.15.1-37.el7_7.4
OR
redhat krb5-0 Range 1.15.1-55.el7_9.2
OR
redhat krb5 Range 1.18.2-29.el8_10
OR
redhat krb5-0 Range 1.17-19.el8_2.1
OR
redhat krb5-0 Range 1.18.2-9.el8_4.1
OR
redhat krb5-0 Range 1.18.2-16.el8_6.1
OR
redhat krb5-0 Range 1.18.2-26.el8_8.2
OR
redhat krb5 Range 1.21.1-2.el9_4
OR
redhat krb5-0 Range 1.19.1-16.el9_0.1
OR
redhat krb5-0 Range 1.20.1-9.el9_2.1
OR
redhat service_interconnect Range 1.4.7-3
OR
redhat service_interconnect Range 1.4.7-3
OR
redhat service_interconnect Range 1.4.7-4
OR
redhat service_interconnect Range 2.4.3-7
OR
redhat service_interconnect Range 1.4.7-3
OR
redhat service_interconnect Range 1.4.7-3
OR
redhat service_interconnect Range 1.4.7-2
OR
redhat service_interconnect Range 1.4.7-2
OR
redhat service_interconnect Range 1.4.7-2
OR
redhat service_interconnect Range 2.4.3-6
OR
redhat service_interconnect Range 1.4.7-2
OR
redhat service_interconnect Range 1.4.7-2
OR
redhat service_interconnect Range 1.5.5-3
OR
redhat service_interconnect Range 1.5.5-3
OR
redhat service_interconnect Range 1.5.5-3
OR
redhat service_interconnect Range 1.5.5-3
OR
redhat service_interconnect Range 1.5.5-3
OR
redhat service_interconnect Range 2.5.3-5
OR
redhat service_interconnect Range 1.5.5-3
OR
redhat service_interconnect Range 1.5.5-3
AND
redhat enterprise_linux Match 8
OR
redhat enterprise_linux Match 9

Vendor | Product | Version | CPE
redhat | krb5-0 | * | cpe:2.3:a:redhat:krb5-0:*:*:*:*:*:*:*:*
redhat | krb5 | * | cpe:2.3:a:redhat:krb5:*:*:*:*:*:*:*:*
redhat | service_interconnect | * | cpe:2.3:a:redhat:service_interconnect:*:*:*:*:*:*:*:*
redhat | enterprise_linux | 8 | cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*
redhat | enterprise_linux | 9 | cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*
