PT-2018-8407 · Mit+4 · Kerberos+4

Pedrohc · Published 2017-11-20 · Updated 2023-02-12 · CVE-2017-7562

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Kerberos versions prior to 1.16.1

Description

An authentication bypass flaw was found in the way krb5's certauth interface handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.

Recommendations

For versions prior to 1.16.1, update to version 1.16.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the certauth interface until a patch is available.

Fix

Improper Certificate Validation

Improper Authentication

Weakness Enumeration

Related Identifiers

ALT-PU-2018-2231
CESA-2018_0666
CVE-2017-7562
MGASA-2017-0420
RHSA-2018:0666
RHSA-2018_0666
SUSE-SU-2018:1425-1
SUSE-SU-2018_1425-1

Affected Products

ALT Linux
CentOS
Kerberos
Red Hat
SUSE