CVE-2017-11368

Опубликовано: 09 авг. 2017

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:mit:kerberos:5-1.13.7:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.7.1:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.8.3:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.8.4:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.8.5:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.8.6:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.9:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.9.1:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.9.2:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.9.3:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.9.4:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.10:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.10.1:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.10.2:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.10.3:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.10.4:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.11:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.11.1:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.11.2:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.11.3:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.11.4:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.11.5:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.12:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.12.1:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.12.2:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.12.3:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.13:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.13.1:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.13.2:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.13.3:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.13.5:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.13.6:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.14:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.14:alpha1:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.14:beta1:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.14:beta2:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.14.1:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.14.2:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.14.3:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.14.4:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.14.5:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.15:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.15.1:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.15.1:beta1:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.15.1:beta2:*:*:*:*:*:*

EPSS

Процентиль: 66%

0.00528

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-617

Связанные уязвимости

CVE-2017-11368

CVSS3: 6.5

ubuntu

больше 8 лет назад

In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.

CVE-2017-11368

CVSS3: 6.5

redhat

больше 8 лет назад

In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.

CVE-2017-11368

CVSS3: 6.5

debian

больше 8 лет назад

In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker ...

GHSA-8f95-9vr9-hxf2

CVSS3: 6.5

github

больше 3 лет назад

In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.

ELSA-2018-0666

oracle-oval

больше 7 лет назад

ELSA-2018-0666: krb5 security, bug fix, and enhancement update (MODERATE)

EPSS

Процентиль: 66%

0.00528

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-617