Lucene search

CentOS ProjectCESA-2021:4788

HistoryDec 02, 2021 - 11:54 p.m.

krb5, libkadm5 security update

2021-12-0223:54:17

CentOS Project

lists.centos.org

kerberos authentication

network security

null pointer dereference

cve-2021-37750

red hat

centos

security advisory

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

7.4

Confidence

High

EPSS

0.004

Percentile

73.3%

JSON

CentOS Errata and Security Advisory CESA-2021:4788

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).

Security Fix(es):

krb5: NULL pointer dereference in process_tgs_req() in kdc/do_tgs_req.c via a FAST inner body that lacks server field (CVE-2021-37750)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2021-December/086213.html

Affected packages:
krb5-devel
krb5-libs
krb5-pkinit
krb5-server
krb5-server-ldap
krb5-workstation
libkadm5

Upstream details at:
https://access.redhat.com/errata/RHSA-2021:4788

OSVersionArchitecturePackageVersionFilename
CentOS7i686krb5-devel< 1.15.1-51.el7_9krb5-devel-1.15.1-51.el7_9.i686.rpm
CentOS7x86_64krb5-devel< 1.15.1-51.el7_9krb5-devel-1.15.1-51.el7_9.x86_64.rpm
CentOS7i686krb5-libs< 1.15.1-51.el7_9krb5-libs-1.15.1-51.el7_9.i686.rpm
CentOS7x86_64krb5-libs< 1.15.1-51.el7_9krb5-libs-1.15.1-51.el7_9.x86_64.rpm
CentOS7x86_64krb5-pkinit< 1.15.1-51.el7_9krb5-pkinit-1.15.1-51.el7_9.x86_64.rpm
CentOS7x86_64krb5-server< 1.15.1-51.el7_9krb5-server-1.15.1-51.el7_9.x86_64.rpm
CentOS7x86_64krb5-server-ldap< 1.15.1-51.el7_9krb5-server-ldap-1.15.1-51.el7_9.x86_64.rpm
CentOS7x86_64krb5-workstation< 1.15.1-51.el7_9krb5-workstation-1.15.1-51.el7_9.x86_64.rpm
CentOS7i686libkadm5< 1.15.1-51.el7_9libkadm5-1.15.1-51.el7_9.i686.rpm
CentOS7x86_64libkadm5< 1.15.1-51.el7_9libkadm5-1.15.1-51.el7_9.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
CentOS	7	i686	krb5-devel	< 1.15.1-51.el7_9	krb5-devel-1.15.1-51.el7_9.i686.rpm
CentOS	7	x86_64	krb5-devel	< 1.15.1-51.el7_9	krb5-devel-1.15.1-51.el7_9.x86_64.rpm
CentOS	7	i686	krb5-libs	< 1.15.1-51.el7_9	krb5-libs-1.15.1-51.el7_9.i686.rpm
CentOS	7	x86_64	krb5-libs	< 1.15.1-51.el7_9	krb5-libs-1.15.1-51.el7_9.x86_64.rpm
CentOS	7	x86_64	krb5-pkinit	< 1.15.1-51.el7_9	krb5-pkinit-1.15.1-51.el7_9.x86_64.rpm
CentOS	7	x86_64	krb5-server	< 1.15.1-51.el7_9	krb5-server-1.15.1-51.el7_9.x86_64.rpm
CentOS	7	x86_64	krb5-server-ldap	< 1.15.1-51.el7_9	krb5-server-ldap-1.15.1-51.el7_9.x86_64.rpm
CentOS	7	x86_64	krb5-workstation	< 1.15.1-51.el7_9	krb5-workstation-1.15.1-51.el7_9.x86_64.rpm
CentOS	7	i686	libkadm5	< 1.15.1-51.el7_9	libkadm5-1.15.1-51.el7_9.i686.rpm
CentOS	7	x86_64	libkadm5	< 1.15.1-51.el7_9	libkadm5-1.15.1-51.el7_9.x86_64.rpm