MIT Kerberos 5 Vulnerabilities CVE-2024-37371 and CVE-2024-37370
June 29, 2024
MIT Kerberos 5 (krb5), a widely used open-source implementation of the Kerberos network authentication protocol, has recently been found to contain two critical vulnerabilities that could allow attackers to compromise the security of systems relying on Kerberos authentication. (June 28, 2024)
CVE-2024-37371: Invalid Memory Reads in GSS Message Token Handling
CVE-2024-37371 affects krb5 versions before 1.21.3 and allows an attacker to cause invalid memory reads during the handling of GSS (Generic Security Services) message tokens. By sending message tokens with invalid length fields, an attacker can trigger this vulnerability, potentially leading to denial of service or other security issues.
This vulnerability was discovered and patched in krb5 version 1.21.3, released on June 21, 2024.
CVE-2024-37370: Truncation of Confidential GSS krb5 Wrap Tokens
CVE-2024-37370 is another vulnerability in krb5 versions before 1.21.3 that allows an attacker to modify the plaintext Extra Count field of a confidential GSS krb5 wrap token. This modification can cause the unwrapped token to appear truncated to the application, potentially leading to information disclosure or other security issues.
Like CVE-2024-37371, this vulnerability was also discovered and patched in krb5 version 1.21.3.
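The following added example (not code from krb5 or from the original post) shows the two receiver-side checks these CVEs turn on: validating lengths before reading, and comparing the cleartext Extra Count (EC) with the authenticated header copy inside the decrypted payload. It assumes the RFC 4121 wrap token header layout and that decryption and integrity verification have already been done; the function name check_wrap_token and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HDR_LEN 16          /* RFC 4121 wrap token header length */
#define FLAG_SEALED 0x02    /* Flags bit: confidentiality applied */

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/*
 * hdr/hdr_len: cleartext token header as received (attacker-controllable).
 * dec/dec_len: decrypted, integrity-checked payload, laid out as
 *              plaintext | EC filler bytes | copy of the 16-byte header.
 * Returns the plaintext length, or -1 if the token must be rejected.
 * Hypothetical helper; handles sealed (confidential) tokens only.
 */
long check_wrap_token(const uint8_t *hdr, size_t hdr_len,
                      const uint8_t *dec, size_t dec_len)
{
    if (hdr_len < HDR_LEN)                      /* never read past a short token */
        return -1;
    if (be16(hdr) != 0x0504 || hdr[3] != 0xFF)  /* TOK_ID and Filler */
        return -1;
    if (!(hdr[2] & FLAG_SEALED))
        return -1;

    uint16_t ec = be16(hdr + 4);                /* cleartext Extra Count */

    /* Length check first, so the pointer math and subtraction cannot underflow. */
    if (dec_len < (size_t)HDR_LEN + ec)
        return -1;

    const uint8_t *inner = dec + dec_len - HDR_LEN;   /* authenticated copy */
    if (be16(inner) != 0x0504 || inner[2] != hdr[2] || inner[3] != hdr[3])
        return -1;
    if (be16(inner + 4) != ec)                  /* EC altered in transit: reject */
        return -1;
    if (memcmp(inner + 8, hdr + 8, 8) != 0)     /* SND_SEQ must match as well */
        return -1;

    return (long)(dec_len - HDR_LEN - ec);
}

/* Constructed sample: EC = 0, payload "hello" followed by the header copy. */
static const uint8_t sample_hdr[16] = {0x05,0x04,0x02,0xFF,0,0,0,0, 0,0,0,0,0,0,0,1};
static const uint8_t sample_dec[21] = {'h','e','l','l','o',
    0x05,0x04,0x02,0xFF,0,0,0,0, 0,0,0,0,0,0,0,1};

int main(void) { return check_wrap_token(sample_hdr, 16, sample_dec, 21) == 5 ? 0 : 1; }
```

Without the EC comparison, a header whose EC was changed from 0 to 3 would make this sample unwrap to 2 bytes instead of 5, which is the truncation effect described for CVE-2024-37370.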
Importance of Regular Vulnerability Monitoring
MIT Kerberos 5 has a history of security vulnerabilities, with several critical issues discovered over the years, including remote code execution and denial of service vulnerabilities. To monitor for new vulnerabilities in MIT Kerberos 5, users should regularly check the MIT Kerberos Security Advisories page[2] and security vulnerability databases like CVE Details and CISA alerts. Subscribing to security feeds can also help users stay up to date on the latest Kerberos vulnerabilities.
In conclusion, CVE-2024-37371 and CVE-2024-37370 are two critical vulnerabilities in MIT Kerberos 5 that could allow attackers to compromise the security of systems relying on Kerberos authentication.