Vulnerabilities > CVE-2018-20217 - Reachable Assertion vulnerability in multiple products
Attack vector
NETWORK Attack complexity
HIGH Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0111-1.NASL description This update for krb5 fixes the following issues : Security issue fixed : CVE-2018-20217: Fixed an assertion issue with older encryption types (bsc#1120489) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2019-01-18 plugin id 121241 published 2019-01-18 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121241 title SUSE SLED12 / SLES12 Security Update : krb5 (SUSE-SU-2019:0111-1) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-3_0-0020_KRB5.NASL description An update of the krb5 package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 126183 published 2019-06-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126183 title Photon OS 3.0: Krb5 PHSA-2019-3.0-0020 NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1467.NASL description According to the versions of the krb5 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.(CVE-2017-11462) - A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.(CVE-2018-20217) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-04-30 modified 2020-04-16 plugin id 135629 published 2020-04-16 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135629 title EulerOS Virtualization 3.0.2.2 : krb5 (EulerOS-SA-2020-1467) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-63.NASL description This update for krb5 fixes the following issues : Security issue fixed : - CVE-2018-20217: Fixed an assertion issue with older encryption types (bsc#1120489) This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-03-18 modified 2019-01-22 plugin id 121287 published 2019-01-22 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121287 title openSUSE Security Update : krb5 (openSUSE-2019-63) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2532.NASL description According to the version of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.(CVE-2018-20217) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-12-09 plugin id 131806 published 2019-12-09 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131806 title EulerOS 2.0 SP5 : krb5 (EulerOS-SA-2019-2532) NASL family Fedora Local Security Checks NASL id FEDORA_2019-AC7E19B0C8.NASL description Improve memset hygiene in one location. ---- Fix low-severity CVE-2018-20217 (an authenticated user who can obtain a TGT using an older encryption type (DES, DES3, or RC4) can cause an assertion failure in the KDC by sending an S4U2Self request.) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2019-01-11 plugin id 121083 published 2019-01-11 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121083 title Fedora 28 : krb5 (2019-ac7e19b0c8) NASL family Fedora Local Security Checks NASL id FEDORA_2018-7DB7CCDA4D.NASL description Fix low-severity CVE-2018-20217 (an authenticated user who can obtain a TGT using an older encryption type (DES, DES3, or RC4) can cause an assertion failure in the KDC by sending an S4U2Self request.) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120564 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120564 title Fedora 29 : krb5 (2018-7db7ccda4d) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2600.NASL description According to the version of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.(CVE-2018-20217) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-12-18 plugin id 132135 published 2019-12-18 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132135 title EulerOS 2.0 SP3 : krb5 (EulerOS-SA-2019-2600) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-85.NASL description This update for krb5 fixes the following security issue : - CVE-2018-20217: Fixed an assertion issue with older encryption types (bsc#1120489) This update was imported from the SUSE:SLE-12-SP2:Update update project. last seen 2020-03-18 modified 2019-01-28 plugin id 121412 published 2019-01-28 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121412 title openSUSE Security Update : krb5 (openSUSE-2019-85) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2378.NASL description According to the version of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.(CVE-2018-20217) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-12-10 plugin id 131870 published 2019-12-10 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131870 title EulerOS 2.0 SP2 : krb5 (EulerOS-SA-2019-2378) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0113-1.NASL description This update for krb5 fixes the following issues : Security issue fixed : CVE-2018-20217: Fixed an assertion issue with older encryption types (bsc#1120489) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2019-01-18 plugin id 121243 published 2019-01-18 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121243 title SUSE SLES12 Security Update : krb5 (SUSE-SU-2019:0113-1) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1643.NASL description krb5, a MIT Kerberos implementation, had several flaws in LDAP DN checking, which could be used to circumvent a DN containership check by supplying special parameters to some calls. Further an attacker could crash the KDC by making S4U2Self requests. For Debian 8 last seen 2020-03-17 modified 2019-01-28 plugin id 121399 published 2019-01-28 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121399 title Debian DLA-1643-1 : krb5 security update NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1192.NASL description According to the versions of the krb5 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.(CVE-2017-11462) - A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.(CVE-2018-20217) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-19 modified 2020-03-13 plugin id 134481 published 2020-03-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134481 title EulerOS Virtualization for ARM 64 3.0.2.0 : krb5 (EulerOS-SA-2020-1192) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-1_0-0239_KRB5.NASL description An update of the krb5 package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 126187 published 2019-06-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126187 title Photon OS 1.0: Krb5 PHSA-2019-1.0-0239 NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-2_0-0164_KRB5.NASL description An update of the krb5 package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 126181 published 2019-06-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126181 title Photon OS 2.0: Krb5 PHSA-2019-2.0-0164 NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2020-1374.NASL description A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.(CVE-2018-20217) last seen 2020-06-10 modified 2020-06-04 plugin id 137097 published 2020-06-04 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137097 title Amazon Linux AMI : krb5 (ALAS-2020-1374)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086
- http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763
- https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html
- https://security.netapp.com/advisory/ntap-20190416-0006/
- https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2KNHELH4YHNT6H2ESJWX2UIDXLBNGB2O/