CVE-2017-7562 — MEDIUM (6.5)

Q: How severe is CVE-2017-7562?

CVE-2017-7562 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-7562?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Enterprise Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation, Mit Kerberos 5.

Vulnerability Description

An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Redhat	Enterprise Linux	7.0
Redhat	Enterprise Linux Desktop	7.0
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Workstation	7.0
Mit	Kerberos 5	>= 1.0, < 1.16.1

Related Weaknesses (CWE)

CWE-295 CWE-287

References

http://www.securityfocus.com/bid/100511Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2018:0666Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7562Issue TrackingPatchThird Party Advisory
https://github.com/krb5/krb5/pull/694PatchThird Party Advisory
https://github.com/krb5/krb5/pull/694/commits/1de6ca2f2eb1fdbab51f1549a25a6903aeThird Party Advisory
https://github.com/krb5/krb5/pull/694/commits/50fe4074f188c2d4da0c421e96553acea8Third Party Advisory
https://github.com/krb5/krb5/pull/694/commits/b7af544e50a4d8291524f590e20dd44430Third Party Advisory
http://www.securityfocus.com/bid/100511Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2018:0666Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7562Issue TrackingPatchThird Party Advisory
https://github.com/krb5/krb5/pull/694PatchThird Party Advisory
https://github.com/krb5/krb5/pull/694/commits/1de6ca2f2eb1fdbab51f1549a25a6903aeThird Party Advisory
https://github.com/krb5/krb5/pull/694/commits/50fe4074f188c2d4da0c421e96553acea8Third Party Advisory
https://github.com/krb5/krb5/pull/694/commits/b7af544e50a4d8291524f590e20dd44430Third Party Advisory

FAQ

What is CVE-2017-7562?

CVE-2017-7562 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could poten...

How severe is CVE-2017-7562?

CVE-2017-7562 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-7562?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Enterprise Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation, Mit Kerberos 5.