Vulnerability Description
In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.
CVSS Score
6.5
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fedoraproject | Fedora | 25 |
| Mit | Kerberos | 5-1.13.7 |
| Mit | Kerberos 5 | 1.7 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/100291Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2018:0666
- https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970PatchThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- http://www.securityfocus.com/bid/100291Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2018:0666
- https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970PatchThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
FAQ
What is CVE-2017-11368?
CVE-2017-11368 is a vulnerability with a CVSS score of 6.5 (MEDIUM). In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.
How severe is CVE-2017-11368?
CVE-2017-11368 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-11368?
Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject Fedora, Mit Kerberos, Mit Kerberos 5.