Vulnerability CVE-2017-11368: Information

Description

In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.

Severity: MEDIUM (6.5)

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (4.0)

Vector: CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

URL: https://nvd.nist.gov/vuln/detail/CVE-2017-11368

Published: Aug. 9, 2017

Modified: April 20, 2025

Error type identifier: CWE-617

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
krb5	sisyphus	1.15.2-alt2.S1	1.22.2-alt1	ALT-PU-2017-2651-1	192926	Fixed
krb5	p11	1.15.2-alt2.S1	1.21.3-alt2	ALT-PU-2017-2651-1	192926	Fixed
krb5	p10	1.15.2-alt2.S1	1.19.4-alt4	ALT-PU-2017-2651-1	192926	Fixed
krb5	p9	1.15.2-alt2.S1	1.17.2-alt5	ALT-PU-2017-2651-1	192926	Fixed
krb5	c10f2	1.15.2-alt2.S1	1.19.4-alt4	ALT-PU-2017-2651-1	192926	Fixed
krb5	c9f2	1.15.2-alt2.S1	1.17.2-alt5	ALT-PU-2017-2651-1	192926	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
http://www.securityfocus.com/bid/100291	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:0666
https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970	Patch Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HNWXM6OQU7G23MG7XWIOBRGP43ECLDT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBUTXMNZWMVJLQ4NDX5OQFPUVCJRLV3W/

Affected configurations:
1. cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*
  cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos:5-1.13.7:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.7.1:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.8.3:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.8.4:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.8.5:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.8.6:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.9:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.9.1:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.9.2:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.9.3:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.9.4:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.10:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.10.1:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.10.2:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.10.3:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.10.4:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.11:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.11.1:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.11.2:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.11.3:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.11.4:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.11.5:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.12:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.12.1:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.12.2:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.12.3:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.13:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.13.1:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.13.2:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.13.3:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.13.5:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.13.6:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.14:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.14:alpha1:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.14:beta1:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.14:beta2:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.14.1:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.14.2:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.14.3:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.14.4:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.14.5:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.15:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.15.1:*:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.15.1:beta1:*:*:*:*:*:*
  cpe:2.3:a:mit:kerberos_5:1.15.1:beta2:*:*:*:*:*:*

Version: v26.2.2