SB2024061922 - Red Hat Enterprise Linux 9 update for ipa

Published: June 19, 2024 Updated: February 6, 2026

Security Bulletin ID: SB2024061922
Severity: Medium
Patch available: YES
Number of vulnerabilities: 2
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Medium 50%, Low 50%

Description

This security bulletin contains information about 2 security vulnerabilities.


1) Improper Authorization (CVE-ID: CVE-2024-2698)

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to an error in ipadb_match_acl() within the initial implementation of MS-SFU by MIT Kerberos, which was missing a condition for granting the "forwardable" flag on S4U2Self tickets. As a result, S4U2Proxy requests are accepted regardless of whether a matching service delegation rule exists.

Note, this vulnerability does not affect default FreeIPA deployments because the services which have delegation rules defined are on IPA servers themselves. Services having RBCD (resource-based constrained delegation) rules are not affected by this vulnerability either.
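A simplified model of the check described above, added here as an illustration and not FreeIPA's or MIT Kerberos' code. In this model the forwardable flag granted to an S4U2Self ticket is the KDC's decision for classic constrained delegation, so S4U2Proxy honours it; the target-level match is not modelled. The rule sets, principal names, the "member of at least one rule" condition and the `fixed` switch are constructed assumptions. RBCD is modelled as a separate check on the target's own rule list, which is why it ignores the flag.

```python
from dataclasses import dataclass

# Constructed sample policy (not a real deployment).
# Classic (service-side) rules: member service -> targets it may delegate to.
# RBCD rules: target service -> services it accepts delegation from.
CLASSIC_RULES = {"HTTP/ipa.example.test": {"ldap/ipa.example.test"}}
RBCD_RULES = {"cifs/files.example.test": {"HTTP/app.example.test"}}


@dataclass(frozen=True)
class Ticket:
    client: str        # user the ticket was issued on behalf of
    service: str       # service that requested it (S4U2Self: for itself)
    forwardable: bool  # flag that S4U2Proxy relies on for classic delegation


def grant_forwardable(service: str, fixed: bool) -> bool:
    """Decide the forwardable flag for an S4U2Self ticket (the check the advisory concerns).

    Vulnerable behaviour (fixed=False): the flag is granted unconditionally.
    Fixed behaviour: granted only when the service is a member of a delegation
    rule (modelling assumption for the missing condition).
    """
    if not fixed:
        return True
    return bool(CLASSIC_RULES.get(service))


def s4u2self(service: str, user: str, fixed: bool) -> Ticket:
    """Issue a ticket for `user` to `service`, at the service's own request."""
    return Ticket(client=user, service=service,
                  forwardable=grant_forwardable(service, fixed))


def s4u2proxy(evidence: Ticket, target: str) -> bool:
    """Accept or reject turning the evidence ticket into a ticket for `target`.

    RBCD: the target's own rule lists the requesting service; the flag is irrelevant.
    Classic: in this model the forwardable flag carries the KDC's decision.
    """
    if evidence.service in RBCD_RULES.get(target, set()):
        return True
    return evidence.forwardable


def delegation_accepted(service: str, target: str, fixed: bool,
                        user: str = "alice") -> bool:
    """Full S4U2Self -> S4U2Proxy flow for one service, target and policy variant."""
    return s4u2proxy(s4u2self(service, user, fixed), target)
```

With the vulnerable variant, a service with no delegation rule at all still gets its S4U2Proxy request accepted; with the fixed variant it is rejected, while RBCD-listed services are accepted either way.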


2) Use of Password Hash With Insufficient Computational Effort (CVE-ID: CVE-2024-3183)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists because the software uses the principal's key to encrypt tickets. A remote attacker can brute-force the principal key and decrypt communication between the KDC and the client.


Remediation

Install the update from the vendor's website.