CVE-2018-20217
Published: 2018-12-26
Priority: P4 · 26 · medium · 5.3 (CVSS 3.1)
Vector: AV:N / AC:H / PR:L / UI:N / S:U / C:N / I:N / A:H
EPSS: 1.53% (71.5th percentile)
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | krb5 | < krb5 1.16.2-1 (bookworm) | krb5 1.16.2-1 (bookworm) |
| mit | kerberos | < 5-1.17 | 5-1.17 |
| mit | krb5 | >= 0 < 1.16.2-1 | 1.16.2-1 |
| mit | krb5 | >= 0 < 1.16.2-1 | 1.16.2-1 |
| mit | krb5 | >= 0 < 1.16.2-1 | 1.16.2-1 |
| mit | krb5 | >= 0 < 1.16.2-1 | 1.16.2-1 |
| mit | krb5 | >= 0 < 1.16-2ubuntu0.3 | 1.16-2ubuntu0.3 |
| mit | krb5 | >= 0 < 1.17-6ubuntu4.2 | 1.17-6ubuntu4.2 |
| mit | krb5 | >= 0 < 1.19.2-2ubuntu0.1 | 1.19.2-2ubuntu0.1 |
| mit | krb5 | >= 0 < 1.12+dfsg-2ubuntu5.4+esm3 | 1.12+dfsg-2ubuntu5.4+esm3 |
| mit | krb5 | >= 0 < 1.13.2+dfsg-5ubuntu2.2+esm3 | 1.13.2+dfsg-5ubuntu2.2+esm3 |
CVSS provenance
nvd · v3.1 · 5.3 MEDIUM · CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd · v2.0 · 3.5 LOW · AV:N/AC:M/Au:S/C:N/I:N/A:P
osv · 5.3 MEDIUM
vendor_debian · 5.3 LOW
vendor_redhat · 5.3 MEDIUM
vendor_ubuntu · 5.3 MEDIUM
OSV
krb5 vulnerabilities
osv·2023-01-25·CVSS 5.3
CVE-2018-20217 [MEDIUM] krb5 vulnerabilities
It was discovered that Kerberos incorrectly handled certain S4U2Self
requests. An attacker could possibly use this issue to cause a denial of
service. This issue was only addressed in Ubuntu 16.04 ESM and Ubuntu
18.04 LTS. (CVE-2018-20217)
Greg Hudson discovered that Kerberos PAC implementation incorrectly
handled certain parsing operations. A remote attacker could use this
issue to cause a denial of service, or possibly execute arbitrary code.
(CVE-2022-42898)
GHSA
GHSA-f4hc-rvh5-8phv: A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1
ghsa_unreviewed·2022-05-13
CVE-2018-20217 [MEDIUM] CWE-617 GHSA-f4hc-rvh5-8phv: A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.
OSV
CVE-2018-20217: A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1
osv·2018-12-26·CVSS 5.3
CVE-2018-20217 [MEDIUM] CVE-2018-20217: A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.
Ubuntu
Kerberos vulnerabilities
vendor_ubuntu·2023-01-25·CVSS 5.3
CVE-2022-42898 [MEDIUM] Kerberos vulnerabilities
Title: Kerberos vulnerabilities
Summary: Several security issues were fixed in Kerberos.
It was discovered that Kerberos incorrectly handled certain S4U2Self
requests. An attacker could possibly use this issue to cause a denial of
service. This issue was only addressed in Ubuntu 16.04 ESM and Ubuntu
18.04 LTS. (CVE-2018-20217)
Greg Hudson discovered that Kerberos PAC implementation incorrectly
handled certain parsing operations. A remote attacker could use this
issue to cause a denial of service, or possibly execute arbitrary code.
(CVE-2022-42898)
Instructions: After a standard system update you need to restart any application
using Kerberos libraries to make all the necessary changes.
Red Hat
krb5: Reachable assertion in the KDC using S4U2Self requests
vendor_redhat·2018-12-02·CVSS 5.3
CVE-2018-20217 [MEDIUM] CWE-617 krb5: Reachable assertion in the KDC using S4U2Self requests
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.
Package: krb5 (Red Hat Enterprise Linux 5) - Not affected
Package: krb5 (Red Hat Enterprise Linux 6) - Will not fix
Package: krb5 (Red Hat Enterprise Linux 8) - Not affected
Package: krb5 (Red Hat JBoss Core Services) - Out of support scope
Package: krb5 (Red Hat JBoss Enterprise Application Platform 6) - Out of support scope
Package: krb5 (Red Hat JBoss Enterprise Web Server 2) - Out of support scope
Debian
CVE-2018-20217: krb5 - A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb...
vendor_debian·2018·CVSS 5.3
CVE-2018-20217 [MEDIUM] CVE-2018-20217: krb5 - A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb...
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.
Scope: local
bookworm: resolved (fixed in 1.16.2-1)
bullseye: resolved (fixed in 1.16.2-1)
forky: resolved (fixed in 1.16.2-1)
sid: resolved (fixed in 1.16.2-1)
trixie: resolved (fixed in 1.16.2-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-20217 krb5: Reachable assertion in the KDC using S4U2Self requests [fedora-all]
bugzilla·2019-01-10·CVSS 5.3
CVE-2018-20217 [MEDIUM] CVE-2018-20217 krb5: Reachable assertion in the KDC using S4U2Self requests [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple support
Bugzilla
CVE-2018-20217 krb5: Reachable assertion in the KDC using S4U2Self requests
bugzilla·2019-01-10·CVSS 5.3
CVE-2018-20217 [MEDIUM] CVE-2018-20217 krb5: Reachable assertion in the KDC using S4U2Self requests
A vulnerability was found in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. An authenticated user who can obtain a TGT using an older encryption type (DES, DES3, or RC4) can cause an assertion failure in the KDC by sending an S4U2Self request.
References:
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2KNHELH4YHNT6H2ESJWX2UIDXLBNGB2O/
Upstream Patch:
https://github.com/krb5/krb5/commit/94e5eda5bb94d1d44733a49c3d9b6d1e42c74def
Discussion:
Created krb5 tracking bugs for this issue:
Affects: fedora-all [bug 1665297]
---
Why is it that Status is New and Fixed In says 1.17? Is this bug really fixed in RHEL
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763
https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086
https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html
https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2KNHELH4YHNT6H2ESJWX2UIDXLBNGB2O/
https://security.netapp.com/advisory/ntap-20190416-0006/
Published: 2018-12-26