← Back

CVE-2017-11103

nvd nist
Published: Jul 13, 2017Modified: May 13, 2026

JSON object

Loading...
8.1
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 / Impact: 5.9
Source: NVD

Description

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated.

Affected (10)

Products: Heimdal Project: Heimdal · Freebsd: Freebsd · Samba: Samba · +2 more
Show all products
Heimdal Project: Heimdal · Freebsd: Freebsd · Samba: Samba · Apple: Iphone Os, Mac Os X · Debian: Debian Linux
Heimdal Project
1 product
Heimdal
Freebsd
1 product
Freebsd
Samba
1 product
Samba
Apple
2 products
Iphone Os
Mac Os X
Debian
1 product
Debian Linux
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Heimdal
Before 7.4.0
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Freebsd
All versions
Configuration C
3 vulnerable
Vulnerable SoftwareAffected Versions
Samba
Samba
From 4.0.0 to 4.4.15
Samba
From 4.5.0 to 4.5.12
Samba
From 4.6.0 to 4.6.6
Configuration D
2 vulnerable
Vulnerable SoftwareAffected Versions
Iphone Os
Before 11.0
Mac Os X
Before 10.13.1
Configuration E
3 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 10.0
Debian Linux
Version 8.0
Debian Linux
Version 9.0

Related CWEs

CWE-345
Insufficient Verification of Data Authenticity
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

References (24)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Broken Link
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Release Notes
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.