CVE-2017-11103: Insufficient Verification of Data Authenticity in Project Heimdal

Severity: 8.1 HIGH (NVD)
EPSS: 6.3% (top 9.02%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Jul 13
Latest update: May 13

Description

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is on

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 | Impact: 5.9

Affected Packages (6 packages)

[Debian] heimdal_project/heimdal < 7.4.0.dfsg.1-1 (+3)
[NVD] samba/samba 4.0.0 – 4.4.15 (+2)
[NVD] apple/mac_os_x < 10.13.1
[NVD] apple/iphone_os < 11.0

Also affects: Debian Linux 10.0, 8.0, 9.0

Vulnerability Details (3)

[GHSA] GHSA-7cm4-q9wm-9w5g: Heimdal before 7 (2022-05-13)
[OSV] CVE-2017-11103: Heimdal before 7 (2017-07-13)
[CVEList] CVE-2017-11103: Heimdal before 7 (2017-07-13)

Vendor Advisories (10)

[Apple] CVE-2017-11103: macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan (2017-10-31)
[Apple] CVE-2017-11103: macOS High Sierra 10.13 (2017-09-25)
[Apple] CVE-2017-11103: iOS 11 (2017-09-19)
[Ubuntu] Heimdal vulnerability (2017-07-24)
[Ubuntu] Samba vulnerability (2017-07-24)

Community (2)

[Bugzilla] CVE-2017-11103 heimdal: krb5: Metadata taken from the unauthenticated plaintext [fedora-all] (2017-07-12)
[Bugzilla] CVE-2017-11103 krb5: Metadata taken from the unauthenticated plaintext (2017-07-12)