A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Clusterlabs
  • Booth
Redhat
  • Enterprise Linux
  • Enterprise Linux Eus
  • Enterprise Linux For Arm 64
  • Enterprise Linux For Ibm Z Systems
  • Enterprise Linux For Ibm Z Systems Eus
  • Enterprise Linux For Power Little Endian Eus
  • Enterprise Linux Server Update Services For Sap Solutions
  • Rhel E4s
  • Rhel Eus
  • Rhel Tus

Configuration 1 [-]

cpe:2.3:a:clusterlabs:booth:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.4_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.4_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 8
booth-0:1.1-1.el8_10.1 cpe:/a:redhat:enterprise_linux:8::highavailability RHSA-2024:3659 2024-06-06T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
booth-0:1.0-199.1.ac1d34c.git.el8_4.2 cpe:/a:redhat:rhel_tus:8.4::highavailability RHSA-2024:3657 2024-06-06T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
booth-0:1.0-199.1.ac1d34c.git.el8_4.2 cpe:/a:redhat:rhel_e4s:8.4::highavailability RHSA-2024:3657 2024-06-06T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
booth-0:1.0-199.1.ac1d34c.git.el8_6.2 cpe:/a:redhat:rhel_tus:8.6::highavailability RHSA-2024:4400 2024-07-09T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
booth-0:1.0-199.1.ac1d34c.git.el8_6.2 cpe:/a:redhat:rhel_e4s:8.6::highavailability RHSA-2024:4400 2024-07-09T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
booth-0:1.0-283.1.9d4029a.git.el8_8.1 cpe:/a:redhat:rhel_eus:8.8::highavailability RHSA-2024:3658 2024-06-06T00:00:00Z
Red Hat Enterprise Linux 9
booth-0:1.1-1.el9_4.1 cpe:/a:redhat:enterprise_linux:9::highavailability RHSA-2024:3661 2024-06-06T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
booth-0:1.0-251.3.bfb2f92.git.el9_0.2 cpe:/a:redhat:rhel_e4s:9.0::highavailability RHSA-2024:4411 2024-07-09T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
booth-0:1.0-283.1.9d4029a.git.el9_2.1 cpe:/a:redhat:rhel_eus:9.2::highavailability RHSA-2024:3660 2024-06-06T00:00:00Z
References
Link Providers
https://access.redhat.com/errata/RHSA-2024:3657 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:3658 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:3659 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:3660 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:3661 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:4400 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:4411 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2024-3049 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2272082 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-3049 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-3049 cve-icon
History

Tue, 24 Sep 2024 19:30:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-06-06T05:30:04.137Z

Updated: 2024-11-15T17:52:56.132Z

Reserved: 2024-03-28T17:17:50.507Z

Link: CVE-2024-3049

cve-icon Vulnrichment

Updated: 2024-09-24T18:03:12.532Z

cve-icon NVD

Status : Modified

Published: 2024-06-06T06:15:09.550

Modified: 2024-09-13T22:15:01.873

Link: CVE-2024-3049

cve-icon Redhat

Severity : Important

Publid Date: 2024-05-27T00:00:00Z

Links: CVE-2024-3049 - Bugzilla