Vulnerability CVE-2018-20217: Information
Description
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.
Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
krb5 | sisyphus | 1.16.3-alt1 | 1.21.2-alt2 | ALT-PU-2019-1019-1 | 219042 | Fixed |
krb5 | p10 | 1.16.3-alt1 | 1.19.4-alt3 | ALT-PU-2019-1019-1 | 219042 | Fixed |
krb5 | p9 | 1.16.3-alt1 | 1.17.2-alt5 | ALT-PU-2019-1019-1 | 219042 | Fixed |
krb5 | c10f1 | 1.16.3-alt1 | 1.19.4-alt3 | ALT-PU-2019-1019-1 | 219042 | Fixed |
krb5 | c9f2 | 1.16.3-alt1 | 1.17.2-alt5 | ALT-PU-2019-1019-1 | 219042 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086 |
|
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763 |
|
[debian-lts-announce] 20190125 [SECURITY] [DLA 1643-1] krb5 security update |
|
https://security.netapp.com/advisory/ntap-20190416-0006/ |
|
[debian-lts-announce] 20210930 [SECURITY] [DLA 2771-1] krb5 security update |
|
FEDORA-2018-7db7ccda4d |