CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence | High |
---|---|

EPSS

Percentile | 92.7% |
---|---|
Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated.
Vendor | Product | Version | CPE |
---|---|---|---|
heimdal_project | heimdal | * | cpe:2.3:a:heimdal_project:heimdal:*:*:*:*:*:*:*:* |
freebsd | freebsd | - | cpe:2.3:o:freebsd:freebsd:-:*:*:*:*:*:*:* |
samba | samba | * | cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* |
apple | iphone_os | * | cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* |
apple | mac_os_x | * | cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* |
debian | debian_linux | 8.0 | cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* |
debian | debian_linux | 9.0 | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
debian | debian_linux | 10.0 | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
www.debian.org/security/2017/dsa-3912
www.h5l.org/advisories.html?show=2017-07-11
www.securityfocus.com/bid/99551
www.securitytracker.com/id/1038876
www.securitytracker.com/id/1039427
github.com/heimdal/heimdal/releases/tag/heimdal-7.4.0
support.apple.com/HT208112
support.apple.com/HT208144
support.apple.com/HT208221
www.freebsd.org/security/advisories/FreeBSD-SA-17:05.heimdal.asc
www.orpheus-lyre.info/
www.samba.org/samba/security/CVE-2017-11103.html