KDC Assertion Failure in MIT Kerberos 5 by Attacks on S4U Requests
CVE-2017-11368

6.5 MEDIUM

Key Information:

CVE Published: 9 August 2017

What is CVE-2017-11368?

In MIT Kerberos 5 versions 1.7 and later, an authenticated attacker can trigger a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests, which can disrupt the Kerberos authentication process. System administrators and security professionals should be aware of this vulnerability in order to mitigate the risk and protect their environments.

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
