CVE-2017-6594

Опубликовано: 28 авг. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.

Ссылки

http://lists.opensuse.org/opensuse-updates/2017-08/msg00062.html
Third Party Advisory
http://www.h5l.org/advisories.html?show=2017-04-13
Vendor Advisory
https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837
Issue Tracking
Patch
Third Party Advisory
https://github.com/heimdal/heimdal/releases/tag/heimdal-7.3.0
Issue Tracking
Patch
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2017-08/msg00062.html
Third Party Advisory
http://www.h5l.org/advisories.html?show=2017-04-13
Vendor Advisory
https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837
Issue Tracking
Patch
Third Party Advisory
https://github.com/heimdal/heimdal/releases/tag/heimdal-7.3.0
Issue Tracking
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:heimdal_project:heimdal:*:*:*:*:*:*:*:*

Версия до 7.2.0 (включая)

Конфигурация 2

Одно из

cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*

EPSS

Процентиль: 48%

0.00249

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-295

Связанные уязвимости

CVE-2017-6594

CVSS3: 7.5

ubuntu

больше 8 лет назад

CVE-2017-6594

CVSS3: 7.5

debian

больше 8 лет назад

The transit path validation code in Heimdal before 7.3 might allow att ...

GHSA-jg5g-qq45-3g4q

CVSS3: 7.5

github

больше 3 лет назад

openSUSE-SU-2017:2180-1

suse-cvrf

больше 8 лет назад

Security update for libheimdal

EPSS

Процентиль: 48%

0.00249

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-295