Vulnerability CVE-2017-7562


Published: 2018-07-26

Description:
An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.

Type: CWE-287 (Improper Authentication)

Vendor: Redhat
Product: Enterprise linux desktop 
Version: 7.0;
Product: Enterprise linux workstation 
Version: 7.0;
Product: Enterprise linux 
Version: 7.0;
Product: Enterprise linux server 
Version: 7.0;
Vendor: MIT
Product: Kerberos 
Version:
5-1.9.4
5-1.9.3
5-1.9.2
5-1.9.1
5-1.9
5-1.8.6
5-1.8.5
5-1.8.4
5-1.8.3
5-1.8.2
5-1.8.1
5-1.8
5-1.7.1
5-1.7
5-1.6.2
5-1.6.1
5-1.6
5-1.5.3
5-1.5.2
5-1.5.1
5-1.5
5-1.4.4
5-1.4.3
5-1.4.2
5-1.4.1
5-1.4
5-1.3.6
5-1.3.5
5-1.3.4
5-1.3.3
5-1.3.2
5-1.3.1
5-1.3
5-1.2.8
5-1.2.7
5-1.2.6
5-1.2.5
5-1.2.4
5-1.2.3
5-1.2.2
5-1.2.1
5-1.2
5-1.15.1
5-1.15
5-1.14.5
5-1.14.4
5-1.14.3
5-1.14.2
5-1.14.1
5-1.14.0
5-1.14
5-1.13.6
5-1.13.5
5-1.13.4
5-1.13.3
5-1.13.2
5-1.13.1
5-1.13
5-1.12.5
5-1.12.4
5-1.12.3
5-1.12.2
5-1.12.1
5-1.12
5-1.11.5
5-1.11.4
5-1.11.3
5-1.11.2
5-1.11.1
5-1.11
5-1.10.4
5-1.10.3
5-1.10.2
5-1.10.1
5-1.10
5-1.1
5
4.0

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:P/A:N)

CVSS Base Score: 4/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8/10
Exploit range: Remote
Attack complexity: Low
Authentication: Single time
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

References:
http://www.securityfocus.com/bid/100511
https://access.redhat.com/errata/RHSA-2018:0666
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7562
https://github.com/krb5/krb5/pull/694
https://github.com/krb5/krb5/pull/694/commits/1de6ca2f2eb1fdbab51f1549a25a6903aefcc196
https://github.com/krb5/krb5/pull/694/commits/50fe4074f188c2d4da0c421e96553acea8378db2
https://github.com/krb5/krb5/pull/694/commits/b7af544e50a4d8291524f590e20dd44430bf627d

Related CVE
CVE-2019-14844
A flaw was found in Fedora versions of krb5 from 1.16.1 up to and including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC.
CVE-2018-20217
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U...
CVE-2018-5730
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string w...
CVE-2018-5729
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to th...
CVE-2018-5710
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows ...
CVE-2018-5709
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data...
CVE-2017-15088
plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and applicatio...
CVE-2017-11462
Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.

Copyright 2019, cxsecurity.com

 
