An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has krb5 packages installed that are affected by multiple vulnerabilities:

  - An authentication bypass flaw was found in the way     krb5's certauth interface handled the validation of     client certificates. A remote attacker able to     communicate with the KDC could potentially use this flaw     to impersonate arbitrary principals under rare and     erroneous circumstances. (CVE-2017-7562)

  - A denial of service flaw was found in MIT Kerberos     krb5kdc service. An authenticated attacker could use     this flaw to cause krb5kdc to exit with an assertion     failure by making an invalid S4U2Self or S4U2Proxy     request. (CVE-2017-11368)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the krb5 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - An authentication bypass flaw was found in the way     krb5's certauth interface handled the validation of     client certificates. A remote attacker able to     communicate with the KDC could potentially use this     flaw to impersonate arbitrary principals under rare and     erroneous circumstances. (CVE-2017-7562)

  - A denial of service flaw was found in MIT Kerberos     krb5kdc service. An authenticated attacker could use     this flaw to cause krb5kdc to exit with an assertion     failure by making an invalid S4U2Self or S4U2Proxy     request.i1/4^CVE-2017-11368i1/4%0

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the krb5 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - An authentication bypass flaw was found in the way     krb5's certauth interface before 1.16.1 handled the     validation of client certificates. A remote attacker     able to communicate with the KDC could potentially use     this flaw to impersonate arbitrary principals under     rare and erroneous circumstances.(CVE-2017-7562)

  - In MIT Kerberos 5 (aka krb5) 1.7 and later, an     authenticated attacker can cause a KDC assertion     failure by sending invalid S4U2Self or S4U2Proxy     requests.(CVE-2017-11368)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - A denial of service flaw was found in MIT Kerberos     krb5kdc service. An authenticated attacker could use     this flaw to cause krb5kdc to exit with an assertion     failure by making an invalid S4U2Self or S4U2Proxy     request.(CVE-2017-11368)

  - An authentication bypass flaw was found in the way     krb5's certauth interface handled the validation of     client certificates. A remote attacker able to     communicate with the KDC could potentially use this     flaw to impersonate arbitrary principals under rare and     erroneous circumstances.(CVE-2017-7562)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

A denial of service flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to exit with an assertion failure by making an invalid S4U2Self or S4U2Proxy request.(CVE-2017-11368)

An authentication bypass flaw was found in the way krb5's certauth interface handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.(CVE-2017-7562)

This update for krb5 provides the following fixes: Security issues fixed :

  - CVE-2017-7562: Improper validation of certificate EKU     and SAN could lead to authentication bypass.
    (bsc#1055851) Non-security issues fixed :

  - Set 'rdns' and 'dns_canonicalize_hostname' to false in     krb5.conf in order to improve client security in     handling service principle names. (bsc#1054028)

  - Fix a GSS failure in legacy applications by not     indicating deprecated GSS mechanisms in     gss_indicate_mech() list. (bsc#1081725)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Authentication bypass by improper validation of certificate EKU and SAN

An authentication bypass flaw was found in the way krb5's certauth interface handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.(CVE-2017-7562)

Invalid S4U2Self or S4U2Proxy request causes assertion failure

A denial of service flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to exit with an assertion failure by making an invalid S4U2Self or S4U2Proxy request.( CVE-2017-11368)

Security Fix(es) :

  - krb5: Authentication bypass by improper validation of     certificate EKU and SAN (CVE-2017-7562)

  - krb5: Invalid S4U2Self or S4U2Proxy request causes     assertion failure (CVE-2017-11368)

Additional Changes :

An update for krb5 is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).

Security Fix(es) :

* krb5: Authentication bypass by improper validation of certificate EKU and SAN (CVE-2017-7562)

* krb5: Invalid S4U2Self or S4U2Proxy request causes assertion failure (CVE-2017-11368)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes :

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.

From Red Hat Security Advisory 2018:0666 :

An update for krb5 is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).

Security Fix(es) :

* krb5: Authentication bypass by improper validation of certificate EKU and SAN (CVE-2017-7562)

* krb5: Invalid S4U2Self or S4U2Proxy request causes assertion failure (CVE-2017-11368)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes :

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0666 advisory.

  - krb5: Authentication bypass by improper validation of certificate EKU and SAN (CVE-2017-7562)

  - krb5: Invalid S4U2Self or S4U2Proxy request causes assertion failure (CVE-2017-11368)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
127186	NewStart CGSL CORE 5.04 / MAIN 5.04 : krb5 Multiple Vulnerabilities (NS-SA-2019-0025)	Nessus	NewStart CGSL Local Security Checks	medium
123853	EulerOS Virtualization 2.5.3 : krb5 (EulerOS-SA-2019-1167)	Nessus	Huawei Local Security Checks	medium
119897	EulerOS Virtualization 2.5.2 : krb5 (EulerOS-SA-2018-1408)	Nessus	Huawei Local Security Checks	medium
118755	EulerOS 2.0 SP3 : krb5 (EulerOS-SA-2018-1361)	Nessus	Huawei Local Security Checks	medium
118737	EulerOS 2.0 SP2 : krb5 (EulerOS-SA-2018-1354)	Nessus	Huawei Local Security Checks	medium
117342	Amazon Linux AMI : krb5 (ALAS-2018-1010)	Nessus	Amazon Linux Local Security Checks	medium
110184	SUSE SLES12 Security Update : krb5 (SUSE-SU-2018:1425-1)	Nessus	SuSE Local Security Checks	medium
109689	Amazon Linux 2 : krb5 (ALAS-2018-1010)	Nessus	Amazon Linux Local Security Checks	medium
109450	Scientific Linux Security Update : krb5 on SL7.x x86_64 (20180410)	Nessus	Scientific Linux Local Security Checks	medium
109370	CentOS 7 : krb5 (CESA-2018:0666)	Nessus	CentOS Local Security Checks	medium
109104	Oracle Linux 7 : krb5 (ELSA-2018-0666)	Nessus	Oracle Linux Local Security Checks	medium
108983	RHEL 7 : krb5 (RHSA-2018:0666)	Nessus	Red Hat Local Security Checks	medium

Detections

Analytics

CVE-2017-7562

medium

Tenable Plugins

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium