CVE-2017-11368

Опубликовано: 09 авг. 2017

Источник: debian

Описание

In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
krb5	fixed	1.15.1-2		package
krb5	fixed	1.15-1+deb9u1	stretch	package
krb5	fixed	1.12.1+dfsg-19+deb8u3	jessie	package

Примечания

https://github.com/krb5/krb5/pull/678/commits/a860385dd8fbd239fdb31b347e07f4e6b2fbdcc2

Связанные уязвимости

CVE-2017-11368

CVSS3: 6.5

ubuntu

больше 8 лет назад

In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.

CVE-2017-11368

CVSS3: 6.5

redhat

больше 8 лет назад

In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.

CVE-2017-11368

CVSS3: 6.5

nvd

больше 8 лет назад

In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.

GHSA-8f95-9vr9-hxf2

CVSS3: 6.5

github

больше 3 лет назад

In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.

ELSA-2018-0666

oracle-oval

больше 7 лет назад

ELSA-2018-0666: krb5 security, bug fix, and enhancement update (MODERATE)