Vulnetix
Try Vulnetix Request Demo
CVE-2017-11103 PUBLISHED

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated.

EPSS 6.30% · 90.9th percentile

Risk Scores

EPSS Score
6.30%
90.9th percentile

Affected Products

VendorProductVersions
Ubuntu:14.04:LTSheimdal1.6~git20131207+dfsg-1ubuntu1, 1.6~git20131207+dfsg-1ubuntu1.1, 1.6~git20120403+dfsg1-3ubuntu0.1
Ubuntu:16.04:LTSheimdal0, 1.6~rc2+dfsg-10ubuntu1, 1.7~git20150920+dfsg-4ubuntu1
Ubuntu:16.04:LTSsamba0, 2:4.1.17+dfsg-4ubuntu2, 2:4.1.20+dfsg-1ubuntu1
Ubuntu:14.04:LTSsamba2:4.3.11+dfsg-0ubuntu0.14.04.6, 2:4.3.11+dfsg-0ubuntu0.14.04.7, 2:4.3.11+dfsg-0ubuntu0.14.04.8

Timeline

References

Open in Interactive Console →