Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-11103

Опубликовано: 13 июл. 2017
Источник: nvd
CVSS3: 8.1
CVSS2: 6.8
EPSS Низкий

Описание

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:heimdal_project:heimdal:*:*:*:*:*:*:*:*
Версия до 7.4.0 (исключая)
Конфигурация 2
cpe:2.3:o:freebsd:freebsd:-:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Версия от 4.0.0 (включая) до 4.4.15 (исключая)
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Версия от 4.5.0 (включая) до 4.5.12 (исключая)
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Версия от 4.6.0 (включая) до 4.6.6 (исключая)
Конфигурация 4

Одно из

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Версия до 11.0 (исключая)
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Версия до 10.13.1 (исключая)
Конфигурация 5

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 91%
0.06224
Низкий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-345

Связанные уязвимости

ubuntu логотип

CVE-2017-11103

CVSS3: 8.1
ubuntu
больше 8 лет назад

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated.

redhat логотип

CVE-2017-11103

CVSS3: 8.1
redhat
больше 8 лет назад

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated.

debian логотип

CVE-2017-11103

CVSS3: 8.1
debian
больше 8 лет назад

Heimdal before 7.4 allows remote attackers to impersonate services wit ...

suse-cvrf логотип

openSUSE-SU-2017:2311-1

suse-cvrf
больше 8 лет назад

Security update for samba and resource-agents

suse-cvrf логотип

SUSE-SU-2017:2237-1

suse-cvrf
больше 8 лет назад

Security update for samba and resource-agents

EPSS

Процентиль: 91%
0.06224
Низкий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-345