Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2025:8411

Опубликовано: 29 июл. 2025
Источник: rocky
Оценка: Moderate

Описание

Moderate: krb5 security update

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).

Security Fix(es):

  • krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions (CVE-2025-3576)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
krb5-develx86_6432.el8_10krb5-devel-1.18.2-32.el8_10.x86_64.rpm
krb5-libsx86_6432.el8_10krb5-libs-1.18.2-32.el8_10.x86_64.rpm
krb5-pkinitx86_6432.el8_10krb5-pkinit-1.18.2-32.el8_10.x86_64.rpm
krb5-serverx86_6432.el8_10krb5-server-1.18.2-32.el8_10.x86_64.rpm
krb5-server-ldapx86_6432.el8_10krb5-server-ldap-1.18.2-32.el8_10.x86_64.rpm
krb5-workstationx86_6432.el8_10krb5-workstation-1.18.2-32.el8_10.x86_64.rpm
libkadm5x86_6432.el8_10libkadm5-1.18.2-32.el8_10.x86_64.rpm

Показывать по

Связанные CVE

CVE-2025-3576

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2025-3576

CVSS3: 5.9
ubuntu
4 месяца назад

A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.

redhat логотип

CVE-2025-3576

CVSS3: 5.9
redhat
4 месяца назад

A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.

nvd логотип

CVE-2025-3576

CVSS3: 5.9
nvd
4 месяца назад

A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.

debian логотип

CVE-2025-3576

CVSS3: 5.9
debian
4 месяца назад

A vulnerability in the MIT Kerberos implementation allows GSSAPI-prote ...

github логотип

GHSA-rfh5-gx7w-h7v7

CVSS3: 5.9
github
4 месяца назад

A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.