Vulnerability details: VCID-dzmf-adws-aaaj
Vulnerability ID VCID-dzmf-adws-aaaj
Aliases CVE-2017-11103
Summary Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Weaknesses (2)
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11103.html
cvssv3 8.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11103.json
epss 0.02923 https://api.first.org/data/v1/epss?cve=CVE-2017-11103
epss 0.04697 https://api.first.org/data/v1/epss?cve=CVE-2017-11103
epss 0.05766 https://api.first.org/data/v1/epss?cve=CVE-2017-11103
epss 0.10321 https://api.first.org/data/v1/epss?cve=CVE-2017-11103
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1469976
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11103
generic_textual Medium https://github.com/heimdal/heimdal/commit/6dd3eb836bbb80a00ffced4ad57077a1cdf227ea
generic_textual Medium https://github.com/heimdal/heimdal/releases/tag/heimdal-7.4.0
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2017-11103
cvssv3 8.1 https://nvd.nist.gov/vuln/detail/CVE-2017-11103
cvssv3.1 8.1 https://nvd.nist.gov/vuln/detail/CVE-2017-11103
generic_textual Medium https://orpheus-lyre.info/
generic_textual Medium https://ubuntu.com/security/notices/USN-3353-1
generic_textual Medium https://ubuntu.com/security/notices/USN-3353-2
generic_textual Medium https://ubuntu.com/security/notices/USN-3353-3
generic_textual Medium https://ubuntu.com/security/notices/USN-3353-4
generic_textual Medium https://www.freebsd.org/security/advisories/FreeBSD-SA-17:05.heimdal.asc
generic_textual Medium https://www.orpheus-lyre.info/
generic_textual Medium https://www.samba.org/samba/security/CVE-2017-11103.html
generic_textual Medium http://www.h5l.org/advisories.html?show=2017-07-11
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11103.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11103.json
https://api.first.org/data/v1/epss?cve=CVE-2017-11103
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11103
https://github.com/heimdal/heimdal/commit/6dd3eb836bbb80a00ffced4ad57077a1cdf227ea
https://github.com/heimdal/heimdal/releases/tag/heimdal-7.4.0
https://orpheus-lyre.info/
https://support.apple.com/HT208112
https://support.apple.com/HT208144
https://support.apple.com/HT208221
https://ubuntu.com/security/notices/USN-3353-1
https://ubuntu.com/security/notices/USN-3353-2
https://ubuntu.com/security/notices/USN-3353-3
https://ubuntu.com/security/notices/USN-3353-4
https://www.freebsd.org/security/advisories/FreeBSD-SA-17:05.heimdal.asc
https://www.orpheus-lyre.info/
https://www.samba.org/samba/security/CVE-2017-11103.html
http://www.debian.org/security/2017/dsa-3912
http://www.h5l.org/advisories.html?show=2017-07-11
http://www.securityfocus.com/bid/99551
http://www.securitytracker.com/id/1038876
http://www.securitytracker.com/id/1039427
1469976 https://bugzilla.redhat.com/show_bug.cgi?id=1469976
868208 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868208
cpe:2.3:a:heimdal_project:heimdal:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:heimdal_project:heimdal:*:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:-:*:*:*:*:*:*:*
CVE-2017-11103 https://nvd.nist.gov/vuln/detail/CVE-2017-11103
USN-3353-1 https://usn.ubuntu.com/3353-1/
USN-3353-2 https://usn.ubuntu.com/3353-2/
USN-3353-3 https://usn.ubuntu.com/3353-3/
USN-3353-4 https://usn.ubuntu.com/3353-4/
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11103.json
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2017-11103
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2017-11103
Exploit Prediction Scoring System (EPSS)
Percentile 0.90570
EPSS Score 0.02923
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.