Main Vulnerability Database SB2017082508

SB2017082508 - Authentication bypass in Kerberos

Published: August 25, 2017 Updated: April 25, 2018

Security Bulletin ID SB2017082508

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Authentication bypass (CVE-ID: CVE-2017-7562)

CWE-ID: CWE-592 - Authentication Bypass Issues

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote authenticated attacker to write arbitrary files on the target system.

The weakness exists due to an authentication bypass in the way krb5's certauth interface handled the validation of client certificates. A remote attacker can impersonate arbitrary principals under rare and erroneous circumstances.

Remediation

Install update from vendor's website.

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7562