CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
92.7%
USN-3353-1 fixed a vulnerability in Heimdal. This update provides
the corresponding updade for Ubuntu 12.04 ESM.
Original advisory details:
Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered
that Heimdal clients incorrectly trusted unauthenticated portions
of Kerberos tickets. A remote attacker could use this to impersonate
trusted network services or perform other attacks.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 12.04 | noarch | libkrb5-26-heimdal | <Β 1.6~git20120311.dfsg.1-2ubuntu0.2 | UNKNOWN |
Ubuntu | 12.04 | noarch | heimdal-clients | <Β 1.6~git20120311.dfsg.1-2ubuntu0.2 | UNKNOWN |
Ubuntu | 12.04 | noarch | heimdal-clients-dbgsym | <Β 1.6~git20120311.dfsg.1-2ubuntu0.2 | UNKNOWN |
Ubuntu | 12.04 | noarch | heimdal-clients-x | <Β 1.6~git20120311.dfsg.1-2ubuntu0.2 | UNKNOWN |
Ubuntu | 12.04 | noarch | heimdal-clients-x-dbgsym | <Β 1.6~git20120311.dfsg.1-2ubuntu0.2 | UNKNOWN |
Ubuntu | 12.04 | noarch | heimdal-dbg | <Β 1.6~git20120311.dfsg.1-2ubuntu0.2 | UNKNOWN |
Ubuntu | 12.04 | noarch | heimdal-dev | <Β 1.6~git20120311.dfsg.1-2ubuntu0.2 | UNKNOWN |
Ubuntu | 12.04 | noarch | heimdal-kcm | <Β 1.6~git20120311.dfsg.1-2ubuntu0.2 | UNKNOWN |
Ubuntu | 12.04 | noarch | heimdal-kcm-dbgsym | <Β 1.6~git20120311.dfsg.1-2ubuntu0.2 | UNKNOWN |
Ubuntu | 12.04 | noarch | heimdal-kdc | <Β 1.6~git20120311.dfsg.1-2ubuntu0.2 | UNKNOWN |
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
92.7%