Bug 1178764 - (CVE-2020-17049) VUL-0: CVE-2020-17049: krb5: undisclosed kerberos issue may affect kinit
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: x86-64 SLES 12
Priority: P3 - Medium
Severity: Normal
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/271414/
CVSSv3.1:SUSE:CVE-2020-17049:7.2:(AV:...
Depends on:
Blocks: 1178754
Reported: 2020-11-13 09:29 UTC by Alexander Bergmann
Modified: 2022-03-11 13:28 UTC

Found By: SUSE Technical Services
Services Priority: 500
Description Alexander Bergmann 2020-11-13 09:29:03 UTC
+++ This bug was initially created as a clone of Bug #1178754 +++

There is a new vulnerability that Microsoft exposed that is impacting token renewals using kinit. Microsoft is providing a patch on Windows Domain controllers:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049
https://nvd.nist.gov/vuln/detail/CVE-2020-17049
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17049

At this point it appears the CVE details have yet to be disclosed, and it's unclear whether there's a patch for Linux Kerberos clients. However, Intel was wondering if there is an updated version of kinit to avoid this vulnerability.
Comment 1 Samuel Cabrero 2020-12-18 10:45:38 UTC
@Alexander, per comments in bsc#1178754, I think this can be closed, right?
Comment 2 Samuel Cabrero 2021-05-03 11:01:55 UTC
Reassigned to security team to evaluate closing it.
Comment 3 Marcus Meissner 2021-09-17 09:41:59 UTC
This issue only affects the Microsoft KDC, not the krb5 one.