Vulnerability CVE-2023-1672: Information

Description

A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-1672
Published: July 11, 2023
Modified: Nov. 8, 2023
Error type identifier: CWE-362

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
tangsisyphus14-alt114-alt1ALT-PU-2023-7560-2335017Fixed
tangsisyphus_e2k14-alt114-alt1ALT-PU-2023-7608-1-Fixed
tangsisyphus_mipsel14-alt114-alt1ALT-PU-2023-7602-1-Fixed
tangsisyphus_riscv6414-alt114-alt1ALT-PU-2023-7604-1-Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://access.redhat.com/security/cve/CVE-2023-1672
  • Third Party Advisory
https://www.openwall.com/lists/oss-security/2023/06/15/1
  • Exploit
  • Mailing List
  • Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2180999
  • Issue Tracking
  • Patch
  • Third Party Advisory
https://github.com/latchset/tang/commit/8dbbed10870378f1b2c3cf3df2ea7edca7617096
  • Patch
https://lists.debian.org/debian-lts-announce/2023/11/msg00004.html

      1. Configuration 1

        cpe:2.3:a:tang_project:tang:*:*:*:*:*:*:*:*
        End excliding
        14

        Configuration 2

        cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

        Configuration 3

        cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
        cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.4.2
    Back to top