VDB

ALPINE-CVE-2017-11103

ALPINE-CVE-2017-11103 PUBLISHED CVSS 8.100000381469727 HIGH

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated.

Risk Scores

CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Alpine:v3.13heimdal1.3.1-r5, 1.3.1-r4, 1.3.1-r3
Alpine:v3.6heimdal1.6, 0, 0
Alpine:v3.17heimdal1.2.1-r4, 0, 7.1.0-r1
Alpine:v3.15heimdal1.2.1-r0, 1.2.1-r1, 1.2.1-r2
Alpine:v3.23heimdal1.3.1-r0, 0, 7.1.0-r1
Alpine:v3.20heimdal1.4-r6, 1.4-r4, 1.4-r11
Alpine:v3.6samba3.3.4-r0, 3.2.8-r1, 3.2.8-r0
Alpine:v3.16heimdal1.4-r6, 0, 7.1.0-r1
Alpine:v3.4samba4.2.1-r0, 4.2.1-r2, 4.2.1-r1
Alpine:v3.9heimdal1.2.1-r2, 1.2.1-r3, 1.2.1-r4
Alpine:v3.4heimdal1.4-r11, 1.2.1-r4, 1.2.1-r2
Alpine:v3.8heimdal1.3.1-r3, 0, 7.1.0-r1
Alpine:v3.10heimdal1.3.1-r4, 1.2.1-r3, 1.2.1-r4
Alpine:v3.19heimdal1.4-r8, 1.4-r9, 1.5.2-r4
Alpine:v3.21heimdal1.5-r2, 1.5.2-r4, 1.5.2-r5
Alpine:v3.5samba4.1.8-r0, 4.1.7-r0, 4.1.6-r0
Alpine:v3.7heimdal1.4-r6, 0, 7.1.0-r1
Alpine:v3.5heimdal1.4-r2, 1.4-r3, 1.4-r5
Alpine:v3.22heimdal1.4-r1, 1.4-r10, 1.4-r11
Alpine:v3.3samba3.5.11-r0, 3.5.10-r0, 3.4.7-r1

…and 6 more

Timeline

  • Jul 13, 2017 CVE Published
  • Apr 30, 2026 Distribution Patch
  • Jun 15, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›