CVE-2017-11103 — HIGH (8.1)

Q: How severe is CVE-2017-11103?

CVE-2017-11103 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-11103?

Check the references section above for vendor advisories and patch information. Affected products include: Heimdal Project Heimdal, Freebsd Freebsd, Samba Samba, Apple Iphone Os, Apple Mac Os X.

Vulnerability Description

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Heimdal Project	Heimdal	< 7.4.0
Freebsd	Freebsd	-
Samba	Samba	>= 4.0.0, < 4.4.15
Apple	Iphone Os	< 11.0
Apple	Mac Os X	< 10.13.1
Debian	Debian Linux	8.0

Related Weaknesses (CWE)

CWE-345

References

http://www.debian.org/security/2017/dsa-3912Third Party Advisory
http://www.h5l.org/advisories.html?show=2017-07-11Broken Link
http://www.securityfocus.com/bid/99551Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1038876Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1039427Third Party AdvisoryVDB Entry
https://github.com/heimdal/heimdal/releases/tag/heimdal-7.4.0Release Notes
https://support.apple.com/HT208112Third Party Advisory
https://support.apple.com/HT208144Third Party Advisory
https://support.apple.com/HT208221Third Party Advisory
https://www.freebsd.org/security/advisories/FreeBSD-SA-17:05.heimdal.ascThird Party Advisory
https://www.orpheus-lyre.info/Third Party Advisory
https://www.samba.org/samba/security/CVE-2017-11103.htmlThird Party Advisory
http://www.debian.org/security/2017/dsa-3912Third Party Advisory
http://www.h5l.org/advisories.html?show=2017-07-11Broken Link
http://www.securityfocus.com/bid/99551Third Party AdvisoryVDB Entry

FAQ

What is CVE-2017-11103?

CVE-2017-11103 is a vulnerability with a CVSS score of 8.1 (HIGH). Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. I...

How severe is CVE-2017-11103?

CVE-2017-11103 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-11103?

Check the references section above for vendor advisories and patch information. Affected products include: Heimdal Project Heimdal, Freebsd Freebsd, Samba Samba, Apple Iphone Os, Apple Mac Os X.