CVE-2024-3049

A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.
Configurations

Configuration 1

  • cpe:2.3:a:clusterlabs:booth:*:*:*:*:*:*:*:*

Configuration 2 (any of the following, OR)

  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.4_aarch64:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2_s390x:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.4_s390x:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.0_ppc64le:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*

History

13 Sep 2024, 22:15

Type: References (values added)
  • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERCFM3HXFJKLEMMWU3CZLPKH5LZAEDAN/ (source: secalert@redhat.com)
  • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KPK5BHYOB7CFFRQAN55YV5LH44PWHMQD/ (source: secalert@redhat.com)

09 Jul 2024, 12:15

Type: References (values added)
  • https://access.redhat.com/errata/RHSA-2024:4400
  • https://access.redhat.com/errata/RHSA-2024:4411

16 Jun 2024, 16:15

Type: References (values added)
  • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERCFM3HXFJKLEMMWU3CZLPKH5LZAEDAN/

16 Jun 2024, 03:15

Type: References (values added)
  • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KPK5BHYOB7CFFRQAN55YV5LH44PWHMQD/

11 Jun 2024, 17:54

Type: CVSS
  Values Removed: v2: unknown; v3: 7.4
  Values Added: v2: unknown; v3: 5.9

Type: References (tag added; values removed → values added)
  • https://access.redhat.com/errata/RHSA-2024:3657 : (no tag) → Third Party Advisory
  • https://access.redhat.com/errata/RHSA-2024:3658 : (no tag) → Third Party Advisory
  • https://access.redhat.com/errata/RHSA-2024:3659 : (no tag) → Third Party Advisory
  • https://access.redhat.com/errata/RHSA-2024:3660 : (no tag) → Third Party Advisory
  • https://access.redhat.com/errata/RHSA-2024:3661 : (no tag) → Third Party Advisory
  • https://access.redhat.com/security/cve/CVE-2024-3049 : (no tag) → Third Party Advisory
  • https://bugzilla.redhat.com/show_bug.cgi?id=2272082 : (no tag) → Issue Tracking

Type: CPE (values added)
  • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.0_ppc64le:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.4_aarch64:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2_s390x:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.4_s390x:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*
  • cpe:2.3:a:clusterlabs:booth:*:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*

Type: First Time (values added)
  • Redhat enterprise Linux For Ibm Z Systems
  • Redhat enterprise Linux For Arm 64
  • Clusterlabs booth
  • Redhat enterprise Linux For Ibm Z Systems Eus
  • Redhat enterprise Linux Server Update Services For Sap Solutions
  • Redhat
  • Redhat enterprise Linux Eus
  • Clusterlabs
  • Redhat enterprise Linux
  • Redhat enterprise Linux For Power Little Endian Eus

06 Jun 2024, 14:17

Type: Summary (values added)
  • (es) A flaw was found in Booth, a cluster ticket manager. If a specially crafted hash is passed to gcry_md_get_algo_dlen(), the Booth server may accept an invalid HMAC.

06 Jun 2024, 11:15

Type: References (values added)
  • https://access.redhat.com/errata/RHSA-2024:3657
  • https://access.redhat.com/errata/RHSA-2024:3658
  • https://access.redhat.com/errata/RHSA-2024:3659
  • https://access.redhat.com/errata/RHSA-2024:3660
  • https://access.redhat.com/errata/RHSA-2024:3661

06 Jun 2024, 06:15

Type: New CVE

Information

Published : 2024-06-06 06:15

Updated : 2024-09-13 22:15


NVD link : CVE-2024-3049

Mitre link : CVE-2024-3049

CVE.ORG link : CVE-2024-3049

Products Affected

redhat

  • enterprise_linux
  • enterprise_linux_for_arm_64
  • enterprise_linux_server_update_services_for_sap_solutions
  • enterprise_linux_for_power_little_endian_eus
  • enterprise_linux_for_ibm_z_systems_eus
  • enterprise_linux_for_ibm_z_systems
  • enterprise_linux_eus

clusterlabs

  • booth

CWE

CWE-345: Insufficient Verification of Data Authenticity