PT-2017-11963 · Mit+3 · Mit Kerberos 5+3

Samuel Cabrero

Published

2017-08-09

Updated

2024-06-15

CVE-2017-11368

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions MIT Kerberos 5 (aka krb5) versions 1.7 and later

Description The issue allows an authenticated attacker to cause a KDC assertion failure. This can be achieved by sending invalid S4U2Self or S4U2Proxy requests.

Recommendations For versions 1.7 and later, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Assertion Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-617

Related Identifiers

ALT-PU-2017-2651

CESA-2018_0666

CVE-2017-11368

DLA-1058-1

MGASA-2017-0256

OPENSUSE-SU-2024:10899-1

RHSA-2018:0666

RHSA-2018_0666

Affected Products

Alt Linux

Centos

Mit Kerberos 5

Red Hat

PT-2017-11963 · Mit+3 · Mit Kerberos 5+3

CVE-2017-11368

Weakness Enumeration

Related Identifiers

Affected Products

References · 39