CVE-2017-11103

Impact: Important
Public Date: 2017-07-11
CWE: CWE-319
Bugzilla: 1469976: CVE-2017-11103 krb5: Metadata taken from the unauthenticated plaintext

The MITRE CVE dictionary describes this issue as:

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated.

Find out more about CVE-2017-11103 from the MITRE CVE dictionary and NIST NVD.
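The check the description calls for, as an added example that is not Heimdal's code: the service name compared against the client's request has to come from the decrypted 'enc_part', never from the plaintext 'ticket'. The struct and function names are hypothetical, decryption of 'enc_part' with the reply key is assumed to have already succeeded, and strict name equality is assumed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified principal: realm plus name components. */
struct principal { const char *realm; int ncomp; const char *comp[4]; };

/* Hypothetical model of a KDC-REP after enc_part has been decrypted
 * with the reply key (decryption itself is not shown). */
struct kdc_rep_model {
    struct principal ticket_sname;   /* plaintext copy, no integrity protection */
    struct principal enc_part_sname; /* copy protected by the reply key */
};

static int principal_eq(const struct principal *a, const struct principal *b) {
    if (a->ncomp != b->ncomp || strcmp(a->realm, b->realm) != 0)
        return 0;
    for (int i = 0; i < a->ncomp; i++)
        if (strcmp(a->comp[i], b->comp[i]) != 0)
            return 0;
    return 1;
}

/* Flawed selection described in the CVE text: the request is compared
 * with the plaintext name. Returns 0 on accept, -1 on reject. */
static int check_sname_plaintext(const struct principal *req,
                                 const struct kdc_rep_model *rep) {
    return principal_eq(req, &rep->ticket_sname) ? 0 : -1;
}

/* Corrected selection: only the name inside enc_part is compared. */
static int check_sname_enc_part(const struct principal *req,
                                const struct kdc_rep_model *rep) {
    return principal_eq(req, &rep->enc_part_sname) ? 0 : -1;
}

/* Constructed sample: the two copies of the service name disagree. */
static const struct principal requested =
    {"EXAMPLE.TEST", 2, {"host", "files.example.test"}};
static const struct kdc_rep_model mismatched = {
    {"EXAMPLE.TEST", 2, {"host", "files.example.test"}},
    {"EXAMPLE.TEST", 2, {"host", "other.example.test"}},
};

int main(void) {
    printf("plaintext check: %d\n", check_sname_plaintext(&requested, &mismatched));
    printf("enc_part check:  %d\n", check_sname_enc_part(&requested, &mismatched));
    return 0;
}
```

On the constructed reply the plaintext comparison accepts while the 'enc_part' comparison rejects, which is the gap the fix closes.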

Statement

This issue does not affect the version of the MIT Kerberos implementation as shipped with Red Hat Enterprise Linux. This issue also does not affect the version of Samba as shipped with Red Hat Enterprise Linux.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score: 8.1
CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity Impact: High
Availability Impact: High

Affected Packages State

Platform Package State
Red Hat JBoss Web Server 3.0 krb5 Not affected
Red Hat JBoss EWS 2 krb5 Not affected
Red Hat JBoss EAP 6 krb5 Not affected
Red Hat Gluster Storage 3 samba Not affected
Red Hat Enterprise Linux 7 krb5 Not affected
Red Hat Enterprise Linux 7 samba Not affected
Red Hat Enterprise Linux 6 krb5 Not affected
Red Hat Enterprise Linux 6 samba Not affected
Red Hat Enterprise Linux 6 samba4 Not affected
Red Hat Enterprise Linux 5 krb5 Not affected
Red Hat Enterprise Linux 5 samba Not affected

CVE description copyright © 2017, The MITRE Corporation