Vulnerability CVE-2017-11368: Information
Description
In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
krb5 | sisyphus | 1.15.2-alt2.S1 | 1.21.2-alt2 | ALT-PU-2017-2651-1 | 192926 | Fixed |
krb5 | p10 | 1.15.2-alt2.S1 | 1.19.4-alt3 | ALT-PU-2017-2651-1 | 192926 | Fixed |
krb5 | p9 | 1.15.2-alt2.S1 | 1.17.2-alt5 | ALT-PU-2017-2651-1 | 192926 | Fixed |
krb5 | p8 | 1.14.6-alt1.M80P.1 | 1.14.6-alt1.M80P.1 | ALT-PU-2018-1648-1 | 204403 | Fixed |
krb5 | c10f1 | 1.15.2-alt2.S1 | 1.19.4-alt3 | ALT-PU-2017-2651-1 | 192926 | Fixed |
krb5 | c9f2 | 1.15.2-alt2.S1 | 1.17.2-alt5 | ALT-PU-2017-2651-1 | 192926 | Fixed |
krb5 | c7 | 1.13.7-alt0.M70C.1 | 1.14.6-alt1.M70C.1 | ALT-PU-2016-2003-1 | 169626 | Fixed |
krb5 | p11 | 1.15.2-alt2.S1 | 1.21.2-alt2 | ALT-PU-2017-2651-1 | 192926 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970 |
|
100291 |
|
RHSA-2018:0666 | |
FEDORA-2017-e5b36383f4 | |
FEDORA-2017-8e9d9771c4 |