Lucene search
PRIOn knowledge basePRION:CVE-2017-7562HistoryJul 26, 2018 - 3:29 p.m.
Authentication flaw
2018-07-2615:29:00
PRIOn knowledge base
www.prio-n.com
6
An authentication bypass flaw was found in the way krb5’s certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.
| CPE | Name | Operator | Version |
|---|---|---|---|
| kerberos_5 | ge | 1.0 | |
| kerberos_5 | lt | 1.16.1 | |
| enterprise_linux | eq | 7.0 | |
| enterprise_linux_desktop | eq | 7.0 | |
| enterprise_linux_server | eq | 7.0 | |
| enterprise_linux_workstation | eq | 7.0 |
References
www.securityfocus.com/bid/100511
access.redhat.com/errata/RHSA-2018:0666
bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7562
github.com/krb5/krb5/pull/694
github.com/krb5/krb5/pull/694/commits/1de6ca2f2eb1fdbab51f1549a25a6903aefcc196
github.com/krb5/krb5/pull/694/commits/50fe4074f188c2d4da0c421e96553acea8378db2
github.com/krb5/krb5/pull/694/commits/b7af544e50a4d8291524f590e20dd44430bf627d
Related
veracode
veracode
Authentication Bypass
2018-06-01 10:25:51
nvd
nvd
CVE-2017-7562
2018-07-26 15:29:00
osv
osv
CVE-2017-7562
2018-07-26 15:29:00
cve
cve
CVE-2017-7562
2018-07-26 15:29:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2018:1425-1)
2021-04-19 00:00:00
Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2019-1167)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2018-1408)
2020-01-23 00:00:00
ubuntucve
ubuntucve
CVE-2017-7562
2018-07-26 00:00:00
redhatcve
redhatcve
CVE-2017-7562
2017-08-25 22:18:27
debiancve
debiancve
CVE-2017-7562
2018-07-26 15:29:00
nessus
nessus
SUSE SLES12 Security Update : krb5 (SUSE-SU-2018:1425-1)
2018-05-29 00:00:00
Amazon Linux AMI : krb5 (ALAS-2018-1010)
2018-09-07 00:00:00
EulerOS 2.0 SP3 : krb5 (EulerOS-SA-2018-1361)
2018-11-07 00:00:00
cvelist
cvelist
CVE-2017-7562
2018-07-26 15:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in Kerberos affect Power Hardware Management Console (CVE-2017-11368, CVE-2017-7562)
2021-09-22 23:05:38
Security Bulletin: IBM Security Access Manager Appliance is affected by Kerberos vulnerabilities (CVE-2017-11368, CVE-2017-7562)
2018-08-21 19:51:06
Security Bulletin: Vulnerabilities in krb5 affect PowerKVM
2018-07-07 00:08:59
amazon
amazon
Medium: krb5
2018-09-05 19:27:00
Medium: krb5
2018-05-10 17:18:00
centos
centos
krb5, libkadm5 security update
2018-04-26 17:43:57
oraclelinux
oraclelinux
krb5 security, bug fix, and enhancement update
2018-04-16 00:00:00
redhat
redhat
(RHSA-2018:0666) Moderate: krb5 security, bug fix, and enhancement update
2018-04-10 04:57:46
mageia
mageia
Updated krb5 packages fix security vulnerabilities
2017-11-21 00:18:02