Description
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.
| Release | Status | Note |
|---|---|---|
| bionic | released | 1.16-2ubuntu0.3 |
| cosmic | ignored | end of life |
| devel | not-affected | 1.17-10 |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-infra-legacy/trusty | released | 1.12+dfsg-2ubuntu5.4+esm1 |
| esm-infra/bionic | released | 1.16-2ubuntu0.3 |
| esm-infra/focal | not-affected | 1.17-6ubuntu4 |
| esm-infra/xenial | released | 1.13.2+dfsg-5ubuntu2.2+esm3 |
| focal | not-affected | 1.17-6ubuntu4 |
EPSS
CVSS2: 3.5 Low
CVSS3: 5.3 Medium