ghsa-7cm4-q9wm-9w5g
Vulnerability from github
Published
2022-05-13 01:23
Modified
2022-05-13 01:23
Severity ?
Details
Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated.
{ "affected": [], "aliases": [ "CVE-2017-11103" ], "database_specific": { "cwe_ids": [ "CWE-345" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2017-07-13T13:29:00Z", "severity": "HIGH" }, "details": "Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus\u0027 Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in \u0027enc_part\u0027 instead of the unencrypted version stored in \u0027ticket\u0027. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated.", "id": "GHSA-7cm4-q9wm-9w5g", "modified": "2022-05-13T01:23:19Z", "published": "2022-05-13T01:23:19Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11103" }, { "type": "WEB", "url": "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.4.0" }, { "type": "WEB", "url": "https://support.apple.com/HT208112" }, { "type": "WEB", "url": "https://support.apple.com/HT208144" }, { "type": "WEB", "url": "https://support.apple.com/HT208221" }, { "type": "WEB", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:05.heimdal.asc" }, { "type": "WEB", "url": "https://www.orpheus-lyre.info" }, { "type": "WEB", "url": "https://www.samba.org/samba/security/CVE-2017-11103.html" }, { "type": "WEB", "url": "http://www.debian.org/security/2017/dsa-3912" }, { "type": "WEB", "url": "http://www.h5l.org/advisories.html?show=2017-07-11" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/99551" }, { "type": "WEB", "url": "http://www.securitytracker.com/id/1038876" }, { "type": "WEB", "url": "http://www.securitytracker.com/id/1039427" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.