Bug 2359465 (CVE-2025-3576)
| Summary: | CVE-2025-3576 krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | CC: | abokovoy, brking, haoli, hkataria, jajackso, jcammara, jmitchel, jneedle, jrische, kegrant, koliveir, kshier, mabashia, pbraun, security-response-team, shvarugh, simaishi, smcdonal, stcannon, teagle, tfister, thavo, yguenane |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | --- |
| Doc Text: | A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering. | | |
| Story Points: | --- | | |
| Clone Of: | | Environment: | |
| Last Closed: | | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 2359672, 2359673, 2359705 | | |
| Bug Blocks: | | | |
| Deadline: | 2025-04-14 | | |
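The Doc Text above conditions the issue on RC4 being preferred over stronger encryption types. As an added illustration (not part of the Red Hat record and not the krb5 project's own configuration), the following krb5.conf fragments contrast a `[libdefaults]` section that lists `arcfour-hmac` (RC4-HMAC-MD5) first in the enctype preference with one that permits only AES enctypes, so RC4 is never negotiated. The option and enctype names are MIT krb5's; the realm name and the particular AES enctypes chosen are assumptions for the example.

```ini
# --- krb5.conf, weak configuration (constructed example) ---
# arcfour-hmac is listed first, so it is preferred whenever the KDC or
# service offers it. GSSAPI wrap/MIC tokens negotiated under that
# session key rely on the MD5-based checksum the Doc Text describes.
[libdefaults]
    default_realm = EXAMPLE.COM
    default_tgs_enctypes = arcfour-hmac aes256-cts-hmac-sha1-96
    default_tkt_enctypes = arcfour-hmac aes256-cts-hmac-sha1-96
    permitted_enctypes   = arcfour-hmac aes256-cts-hmac-sha1-96

# --- krb5.conf, hardened configuration (constructed example) ---
# Only AES enctypes are requested or accepted. Because arcfour-hmac is
# absent from permitted_enctypes, the library refuses an RC4 session key
# even if a peer advertises it, so the vulnerable checksum is never used.
[libdefaults]
    default_realm = EXAMPLE.COM
    default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
    default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
    permitted_enctypes   = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
```

To check which enctypes are actually in use on a host, `klist -e` prints the ticket and session-key enctypes of the cached credentials; any `arcfour-hmac` entry shows that RC4 is still being negotiated somewhere in the path. Note that `allow_weak_crypto = false` (the default) only disables the single-DES enctypes and does not remove `arcfour-hmac`, so the enctype lists above, not that flag, are what exclude RC4.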
Description
OSIDB Bzimport
2025-04-14 11:06:28 UTC

This issue has been addressed in the following products:

- Red Hat Enterprise Linux 8: Via RHSA-2025:8411 https://access.redhat.com/errata/RHSA-2025:8411
- Red Hat Enterprise Linux 10: Via RHSA-2025:9418 https://access.redhat.com/errata/RHSA-2025:9418
- Red Hat Enterprise Linux 9: Via RHSA-2025:9430 https://access.redhat.com/errata/RHSA-2025:9430
- Red Hat Enterprise Linux 9.4 Extended Update Support: Via RHSA-2025:13664 https://access.redhat.com/errata/RHSA-2025:13664
- Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions: Via RHSA-2025:13777 https://access.redhat.com/errata/RHSA-2025:13777
- Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support; Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On: Via RHSA-2025:15003 https://access.redhat.com/errata/RHSA-2025:15003
- Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions: Via RHSA-2025:15000 https://access.redhat.com/errata/RHSA-2025:15000
- Red Hat Enterprise Linux 8.2 Advanced Update Support: Via RHSA-2025:15002 https://access.redhat.com/errata/RHSA-2025:15002
- Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions; Red Hat Enterprise Linux 8.8 Telecommunications Update Service: Via RHSA-2025:15004 https://access.redhat.com/errata/RHSA-2025:15004
- Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support; Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions; Red Hat Enterprise Linux 8.6 Telecommunications Update Service: Via RHSA-2025:15001 https://access.redhat.com/errata/RHSA-2025:15001