CVE-2024-3049

A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.
Configurations

Configuration 1

cpe:2.3:a:clusterlabs:booth:*:*:*:*:*:*:*:*

Configuration 2 (any of the following)

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.4_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.4_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*

History

13 Sep 2024, 22:15

Type | Values Removed | Values Added
References
  • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERCFM3HXFJKLEMMWU3CZLPKH5LZAEDAN/ (source: secalert@redhat.com)
  • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KPK5BHYOB7CFFRQAN55YV5LH44PWHMQD/ (source: secalert@redhat.com)

09 Jul 2024, 12:15

Type | Values Removed | Values Added
References (added)
  • https://access.redhat.com/errata/RHSA-2024:4400
  • https://access.redhat.com/errata/RHSA-2024:4411

16 Jun 2024, 16:15

Type | Values Removed | Values Added
References (added)
  • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERCFM3HXFJKLEMMWU3CZLPKH5LZAEDAN/

16 Jun 2024, 03:15

Type | Values Removed | Values Added
References (added)
  • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KPK5BHYOB7CFFRQAN55YV5LH44PWHMQD/

11 Jun 2024, 17:54

Type | Values Removed | Values Added
First Time (added)
  • Redhat enterprise Linux For Power Little Endian Eus
  • Redhat
  • Clusterlabs
  • Clusterlabs booth
  • Redhat enterprise Linux For Ibm Z Systems
  • Redhat enterprise Linux Server Update Services For Sap Solutions
  • Redhat enterprise Linux Eus
  • Redhat enterprise Linux
  • Redhat enterprise Linux For Ibm Z Systems Eus
  • Redhat enterprise Linux For Arm 64
CPE (added)
  • cpe:2.3:a:clusterlabs:booth:*:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.4_aarch64:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2_s390x:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.0_ppc64le:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.4_s390x:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
CVSS
  • Removed: v2 unknown, v3 7.4
  • Added: v2 unknown, v3 5.9
References (tag "Third Party Advisory" added)
  • https://access.redhat.com/errata/RHSA-2024:3657
  • https://access.redhat.com/errata/RHSA-2024:3658
  • https://access.redhat.com/errata/RHSA-2024:3659
  • https://access.redhat.com/errata/RHSA-2024:3660
  • https://access.redhat.com/errata/RHSA-2024:3661
  • https://access.redhat.com/security/cve/CVE-2024-3049
References (tag "Issue Tracking" added)
  • https://bugzilla.redhat.com/show_bug.cgi?id=2272082

06 Jun 2024, 14:17

Type | Values Removed | Values Added
Summary (added)
  • (es) A flaw was found in Booth, a cluster ticket manager. If a specially crafted hash is passed to gcry_md_get_algo_dlen(), the Booth server may accept an invalid HMAC.

06 Jun 2024, 11:15

Type | Values Removed | Values Added
References (added)
  • https://access.redhat.com/errata/RHSA-2024:3657
  • https://access.redhat.com/errata/RHSA-2024:3658
  • https://access.redhat.com/errata/RHSA-2024:3659
  • https://access.redhat.com/errata/RHSA-2024:3660
  • https://access.redhat.com/errata/RHSA-2024:3661

06 Jun 2024, 06:15

Type | Values Removed | Values Added
New CVE

Information

Published : 2024-06-06 06:15

Updated : 2024-09-13 22:15


NVD link : CVE-2024-3049

Mitre link : CVE-2024-3049

CVE.ORG link : CVE-2024-3049


Products Affected

redhat

  • enterprise_linux_for_arm_64
  • enterprise_linux_for_ibm_z_systems_eus
  • enterprise_linux_for_ibm_z_systems
  • enterprise_linux_for_power_little_endian_eus
  • enterprise_linux
  • enterprise_linux_server_update_services_for_sap_solutions
  • enterprise_linux_eus

clusterlabs

  • booth

CWE

CWE-345: Insufficient Verification of Data Authenticity