ID CVE-2017-11462
Summary Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.
References
Vulnerable Configurations
  • cpe:2.3:a:mit:kerberos:5-1.14
    cpe:2.3:a:mit:kerberos:5-1.14
  • MIT Kerberos 5-1.14 Alpha 1
    cpe:2.3:a:mit:kerberos:5-1.14:alpha1
  • MIT Kerberos 5-1.14 Beta 1
    cpe:2.3:a:mit:kerberos:5-1.14:beta1
  • MIT Kerberos 5 1.14 Beta2
    cpe:2.3:a:mit:kerberos:5-1.14:beta2
  • cpe:2.3:a:mit:kerberos:5-1.14.1
    cpe:2.3:a:mit:kerberos:5-1.14.1
  • MIT Kerberos 5-1.14.2
    cpe:2.3:a:mit:kerberos:5-1.14.2
  • MIT Kerberos 5-1.14.3
    cpe:2.3:a:mit:kerberos:5-1.14.3
  • MIT Kerberos 5-1.14.4
    cpe:2.3:a:mit:kerberos:5-1.14.4
  • MIT Kerberos 5-1.14.5
    cpe:2.3:a:mit:kerberos:5-1.14.5
  • MIT Kerberos 5-1.15
    cpe:2.3:a:mit:kerberos:5-1.15
  • MIT Kerberos 5-1.15.1
    cpe:2.3:a:mit:kerberos:5-1.15.1
  • MIT Kerberos 5-1.15.1 Beta 1
    cpe:2.3:a:mit:kerberos:5-1.15.1:beta1
  • MIT Kerberos 5-1.15.1 Beta 2
    cpe:2.3:a:mit:kerberos:5-1.15.1:beta2
  • Fedora 25
    cpe:2.3:o:fedoraproject:fedora:25
  • Fedora 26
    cpe:2.3:o:fedoraproject:fedora:26
CVSS
Base: 7.5
Impact:
Exploitability:
CWE CWE-415
CAPEC
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-1145.NASL
    description This update for krb5 fixes several issues. This security issue was fixed : - CVE-2017-11462: Prevent automatic security context deletion to prevent double-free (bsc#1056995) These non-security issues were fixed : - Set 'rdns' and 'dns_canonicalize_hostname' to false in krb5.conf in order to improve client security in handling service principal names. (bsc#1054028) - Prevent kadmind.service startup failure caused by absence of LDAP service. (bsc#903543) - Remove main package's dependency on systemd (bsc#1032680) This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 103799
    published 2017-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103799
    title openSUSE Security Update : krb5 (openSUSE-2017-1145)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_3F3837CC48FB4414AA465B1C23C9FEAE.NASL
    description MIT reports : CVE-2017-11368 : In MIT krb5 1.7 and later, an authenticated attacker can cause an assertion failure in krb5kdc by sending an invalid S4U2Self or S4U2Proxy request. CVE-2017-11462 : RFC 2744 permits a GSS-API implementation to delete an existing security context on a second or subsequent call to gss_init_sec_context() or gss_accept_sec_context() if the call results in an error. This API behavior has been found to be dangerous, leading to the possibility of memory errors in some callers. For safety, GSS-API implementations should instead preserve existing security contexts on error until the caller deletes them. All versions of MIT krb5 prior to this change may delete acceptor contexts on error. Versions 1.13.4 through 1.13.7, 1.14.1 through 1.14.5, and 1.15 through 1.15.1 may also delete initiator contexts on error.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 103953
    published 2017-10-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103953
    title FreeBSD : krb5 -- Multiple vulnerabilities (3f3837cc-48fb-4414-aa46-5b1c23c9feae)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-10C74147F9.NASL
    description - Prevent applications from accidentally implementing CVE-2017-11462 (double free if sec_context is copied). - fc26+: Add ccselect hostrealm module for ccache selection based on service hostname. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-01
    plugin id 103098
    published 2017-09-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103098
    title Fedora 26 : krb5 (2017-10c74147f9)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-56E23BC2B5.NASL
    description - Prevent applications from accidentally implementing CVE-2017-11462 (double free if sec_context is copied). - fc26+: Add ccselect hostrealm module for ccache selection based on service hostname. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-01
    plugin id 103544
    published 2017-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103544
    title Fedora 25 : krb5 (2017-56e23bc2b5)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2659-1.NASL
    description This update for krb5 fixes several issues. This security issue was fixed : - CVE-2017-11462: Prevent automatic security context deletion to prevent double-free (bsc#1056995) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 103742
    published 2017-10-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103742
    title SUSE SLED12 / SLES12 Security Update : krb5 (SUSE-SU-2017:2659-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-7A22A80C7E.NASL
    description - Prevent applications from accidentally implementing CVE-2017-11462 (double free if sec_context is copied). - fc26+: Add ccselect hostrealm module for ccache selection based on service hostname. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-02
    plugin id 105909
    published 2018-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105909
    title Fedora 27 : krb5 (2017-7a22a80c7e)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2017-0038.NASL
    description An update of [gnutls, c-ares, nginx, mercurial, linux, mesos, git, binutils, krb5, dnsmasq] packages for PhotonOS has been released.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 111887
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111887
    title Photon OS 1.0: Binutils / C / Dnsmasq / Git / Gnutls / Krb5 / Linux / Mercurial / Mesos / Nginx PHSA-2017-0038 (deprecated)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0859-1.NASL
    description This update for krb5 fixes several issues. This security issue was fixed : - CVE-2017-11462: Prevent automatic security context deletion to prevent double-free (bsc#1056995). - CVE-2018-5729: NULL pointer dereference in kadmind or DN container check bypass by supplying specially crafted data (bsc#1083926). - CVE-2018-5730: DN container check bypass by supplying specially crafted data (bsc#1083927). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 108826
    published 2018-04-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108826
    title SUSE SLES11 Security Update : krb5 (SUSE-SU-2018:0859-1)
refmap via4
confirm
fedora FEDORA-2017-10c74147f9
Last major update 13-09-2017 - 12:29
Published 13-09-2017 - 12:29
Last modified 20-10-2017 - 13:43