Vulnerabilities > CVE-2017-11368 - Reachable Assertion vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2017-71C47E1E82.NASL description Fix CVE-2017-11368 (remote triggerable assertion failure in krb5kdc) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-07-27 plugin id 101997 published 2017-07-27 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101997 title Fedora 24 : krb5 (2017-71c47e1e82) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2018-0666.NASL description From Red Hat Security Advisory 2018:0666 : An update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC). Security Fix(es) : * krb5: Authentication bypass by improper validation of certificate EKU and SAN (CVE-2017-7562) * krb5: Invalid S4U2Self or S4U2Proxy request causes assertion failure (CVE-2017-11368) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 109104 published 2018-04-18 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109104 title Oracle Linux 7 : krb5 (ELSA-2018-0666) NASL family Fedora Local Security Checks NASL id FEDORA_2017-8E9D9771C4.NASL description Fix CVE-2017-11368 (remote triggerable assertion failure in krb5kdc) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-07-27 plugin id 102002 published 2017-07-27 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102002 title Fedora 25 : krb5 (2017-8e9d9771c4) NASL family Scientific Linux Local Security Checks NASL id SL_20180410_KRB5_ON_SL7_X.NASL description Security Fix(es) : - krb5: Authentication bypass by improper validation of certificate EKU and SAN (CVE-2017-7562) - krb5: Invalid S4U2Self or S4U2Proxy request causes assertion failure (CVE-2017-11368) Additional Changes : last seen 2020-03-18 modified 2018-05-01 plugin id 109450 published 2018-05-01 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109450 title Scientific Linux Security Update : krb5 on SL7.x x86_64 (20180410) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1167.NASL description According to the versions of the krb5 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An authentication bypass flaw was found in the way krb5 last seen 2020-03-19 modified 2019-04-09 plugin id 123853 published 2019-04-09 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123853 title EulerOS Virtualization 2.5.3 : krb5 (EulerOS-SA-2019-1167) NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2018-1010.NASL description Authentication bypass by improper validation of certificate EKU and SAN An authentication bypass flaw was found in the way krb5 last seen 2020-06-01 modified 2020-06-02 plugin id 109689 published 2018-05-11 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109689 title Amazon Linux 2 : krb5 (ALAS-2018-1010) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_3F3837CC48FB4414AA465B1C23C9FEAE.NASL description MIT reports : CVE-2017-11368 : In MIT krb5 1.7 and later, an authenticated attacker can cause an assertion failure in krb5kdc by sending an invalid S4U2Self or S4U2Proxy request. CVE-2017-11462 : RFC 2744 permits a GSS-API implementation to delete an existing security context on a second or subsequent call to gss_init_sec_context() or gss_accept_sec_context() if the call results in an error. This API behavior has been found to be dangerous, leading to the possibility of memory errors in some callers. For safety, GSS-API implementations should instead preserve existing security contexts on error until the caller deletes them. All versions of MIT krb5 prior to this change may delete acceptor contexts on error. Versions 1.13.4 through 1.13.7, 1.14.1 through 1.14.5, and 1.15 through 1.15.1 may also delete initiator contexts on error. last seen 2020-06-01 modified 2020-06-02 plugin id 103953 published 2017-10-19 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103953 title FreeBSD : krb5 -- Multiple vulnerabilities (3f3837cc-48fb-4414-aa46-5b1c23c9feae) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2018-1010.NASL description A denial of service flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to exit with an assertion failure by making an invalid S4U2Self or S4U2Proxy request.(CVE-2017-11368) An authentication bypass flaw was found in the way krb5 last seen 2020-06-01 modified 2020-06-02 plugin id 117342 published 2018-09-07 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117342 title Amazon Linux AMI : krb5 (ALAS-2018-1010) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1058.NASL description In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests. For Debian 7 last seen 2020-03-17 modified 2017-08-15 plugin id 102482 published 2017-08-15 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102482 title Debian DLA-1058-1 : krb5 security update NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1361.NASL description According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A denial of service flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to exit with an assertion failure by making an invalid S4U2Self or S4U2Proxy request.(CVE-2017-11368) - An authentication bypass flaw was found in the way krb5 last seen 2020-06-03 modified 2018-11-07 plugin id 118755 published 2018-11-07 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118755 title EulerOS 2.0 SP3 : krb5 (EulerOS-SA-2018-1361) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2018-0666.NASL description An update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC). Security Fix(es) : * krb5: Authentication bypass by improper validation of certificate EKU and SAN (CVE-2017-7562) * krb5: Invalid S4U2Self or S4U2Proxy request causes assertion failure (CVE-2017-11368) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 109370 published 2018-04-27 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109370 title CentOS 7 : krb5 (CESA-2018:0666) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0025_KRB5.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has krb5 packages installed that are affected by multiple vulnerabilities: - An authentication bypass flaw was found in the way krb5 last seen 2020-06-01 modified 2020-06-02 plugin id 127186 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127186 title NewStart CGSL CORE 5.04 / MAIN 5.04 : krb5 Multiple Vulnerabilities (NS-SA-2019-0025) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1408.NASL description According to the versions of the krb5 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An authentication bypass flaw was found in the way krb5 last seen 2020-03-26 modified 2018-12-28 plugin id 119897 published 2018-12-28 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119897 title EulerOS Virtualization 2.5.2 : krb5 (EulerOS-SA-2018-1408) NASL family Fedora Local Security Checks NASL id FEDORA_2017-E5B36383F4.NASL description Fix CVE-2017-11368 (remote triggerable assertion failure in krb5kdc) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-07-26 plugin id 101965 published 2017-07-26 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101965 title Fedora 26 : krb5 (2017-e5b36383f4) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-0666.NASL description An update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC). Security Fix(es) : * krb5: Authentication bypass by improper validation of certificate EKU and SAN (CVE-2017-7562) * krb5: Invalid S4U2Self or S4U2Proxy request causes assertion failure (CVE-2017-11368) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 108983 published 2018-04-11 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108983 title RHEL 7 : krb5 (RHSA-2018:0666) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1354.NASL description According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A denial of service flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to exit with an assertion failure by making an invalid S4U2Self or S4U2Proxy request.(CVE-2017-11368) - An authentication bypass flaw was found in the way krb5 last seen 2020-05-31 modified 2018-11-06 plugin id 118737 published 2018-11-06 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118737 title EulerOS 2.0 SP2 : krb5 (EulerOS-SA-2018-1354)
Redhat
| advisories |
| ||||
| rpms |
|
References
- https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970
- http://www.securityfocus.com/bid/100291
- https://access.redhat.com/errata/RHSA-2018:0666
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4HNWXM6OQU7G23MG7XWIOBRGP43ECLDT/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBUTXMNZWMVJLQ4NDX5OQFPUVCJRLV3W/