CVE-2017-7562

Опубликовано: 25 авг. 2017

Источник: redhat

CVSS3: 6.5

EPSS Низкий

Описание

An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.

An authentication bypass flaw was found in the way krb5's certauth interface handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	krb5	Not affected
Red Hat Enterprise Linux 6	krb5	Not affected
Red Hat JBoss Core Services	krb5	Not affected
Red Hat JBoss Enterprise Application Platform 6	krb5	Not affected
Red Hat JBoss Enterprise Web Server 2	krb5	Not affected
Red Hat Enterprise Linux 7	krb5	Fixed	RHSA-2018:0666	10.04.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-295->CWE-287

https://bugzilla.redhat.com/show_bug.cgi?id=1485510krb5: Authentication bypass by improper validation of certificate EKU and SAN

EPSS

Процентиль: 48%

0.00245

Низкий

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2017-7562

CVSS3: 6.5

ubuntu

больше 7 лет назад

CVE-2017-7562

CVSS3: 6.5

nvd

больше 7 лет назад

CVE-2017-7562

CVSS3: 6.5

debian

больше 7 лет назад

An authentication bypass flaw was found in the way krb5's certauth int ...

SUSE-SU-2018:1425-1

suse-cvrf

больше 7 лет назад

Security update for krb5

GHSA-vg8p-42hp-9g25

CVSS3: 6.5

github

больше 3 лет назад

EPSS

Процентиль: 48%

0.00245

Низкий

6.5 Medium

CVSS3