In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
21 Nov 2024, 03:07
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/100291 - Third Party Advisory, VDB Entry | |
References | () https://access.redhat.com/errata/RHSA-2018:0666 - | |
References | () https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970 - Patch, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4HNWXM6OQU7G23MG7XWIOBRGP43ECLDT/ - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBUTXMNZWMVJLQ4NDX5OQFPUVCJRLV3W/ - |
07 Nov 2023, 02:38
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2017-08-09 18:29
Updated : 2024-11-21 03:07
NVD link : CVE-2017-11368
Mitre link : CVE-2017-11368
CVE.ORG link : CVE-2017-11368
JSON object : View
Products Affected
fedoraproject
- fedora
mit
- kerberos_5
- kerberos
CWE
CWE-617
Reachable Assertion