CVE-2017-11368
Published: 2017-08-09
Priority: P4 · 32 · Severity: medium · CVSS 3.0: 6.5
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 2.40% (81.9th percentile)
In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.
Affected
51 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.15.1-2 (bookworm) | krb5 1.15.1-2 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| mit | kerberos | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
| osv | — | 6.5 | MEDIUM | — |
| vendor_debian | — | 6.5 | MEDIUM | — |
| vendor_redhat | — | 6.5 | MEDIUM | — |
Red Hat
krb5: Invalid S4U2Self or S4U2Proxy request causes assertion failure
vendor_redhat · 2017-07-13 · CVSS 6.5
A denial of service flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to exit with an assertion failure by making an invalid S4U2Self or S4U2Proxy request.
Package: krb5 (Red Hat Enterprise Linux 5) - Not affected
Package: krb5 (Red Hat Enterprise Linux 6) - Will not fix
Package: krb5 (Red Hat JBoss Enterprise Application Platform 6) - Not affected
Package: krb5 (Red Hat JBoss Enterprise Web Server 2) - Not affected
Package: krb5 (Red Hat JBoss Enterprise Web Server 3) - Not affected
Debian
CVE-2017-11368: krb5 - In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause ...
vendor_debian · 2017 · CVSS 6.5
Scope: local
bookworm: resolved (fixed in 1.15.1-2)
bullseye: resolved (fixed in 1.15.1-2)
forky: resolved (fixed in 1.15.1-2)
sid: resolved (fixed in 1.15.1-2)
trixie: resolved (fixed in 1.15.1-2)
GHSA
GHSA-8f95-9vr9-hxf2: In MIT Kerberos 5 (aka krb5) 1
ghsa_unreviewed · 2022-05-13 · CWE-617
OSV
CVE-2017-11368: In MIT Kerberos 5 (aka krb5) 1
osv · 2017-08-09 · CVSS 6.5
No detection rules found.
No public exploits indexed.
References
http://www.securityfocus.com/bid/100291
https://access.redhat.com/errata/RHSA-2018:0666
https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4HNWXM6OQU7G23MG7XWIOBRGP43ECLDT/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBUTXMNZWMVJLQ4NDX5OQFPUVCJRLV3W/