CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
92.7%
Heimdal before 7.4 allows remote attackers to impersonate services with
Orpheusβ Lyre attacks because it obtains service-principal names in a way
that violates the Kerberos 5 protocol specification. In
_krb5_extract_ticket() the KDC-REP service name must be obtained from the
encrypted version stored in βenc_partβ instead of the unencrypted version
stored in βticketβ. Use of the unencrypted version provides an opportunity
for successful server impersonation and other attacks. NOTE: this CVE is
only for Heimdal and other products that embed Heimdal code; it does not
apply to other instances in which this part of the Kerberos 5 protocol
specification is violated.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 14.04 | noarch | heimdal | <Β 1.6~git20131207+dfsg-1ubuntu1.2 | UNKNOWN |
ubuntu | 16.04 | noarch | heimdal | <Β 1.7~git20150920+dfsg-4ubuntu1.16.04.1 | UNKNOWN |
ubuntu | 16.10 | noarch | heimdal | <Β 1.7~git20150920+dfsg-4ubuntu1.16.10.1 | UNKNOWN |
ubuntu | 17.04 | noarch | heimdal | <Β 7.1.0+dfsg-9ubuntu1.1 | UNKNOWN |
ubuntu | 14.04 | noarch | samba | <Β 2:4.3.11+dfsg-0ubuntu0.14.04.10 | UNKNOWN |
ubuntu | 16.04 | noarch | samba | <Β 2:4.3.11+dfsg-0ubuntu0.16.04.9 | UNKNOWN |
ubuntu | 16.10 | noarch | samba | <Β 2:4.4.5+dfsg-2ubuntu5.8 | UNKNOWN |
ubuntu | 17.04 | noarch | samba | <Β 2:4.5.8+dfsg-0ubuntu0.17.04.4 | UNKNOWN |
www.h5l.org/advisories.html?show=2017-07-11
github.com/heimdal/heimdal/commit/6dd3eb836bbb80a00ffced4ad57077a1cdf227ea
github.com/heimdal/heimdal/releases/tag/heimdal-7.4.0
launchpad.net/bugs/cve/CVE-2017-11103
nvd.nist.gov/vuln/detail/CVE-2017-11103
orpheus-lyre.info/
security-tracker.debian.org/tracker/CVE-2017-11103
ubuntu.com/security/notices/USN-3353-1
ubuntu.com/security/notices/USN-3353-2
ubuntu.com/security/notices/USN-3353-3
ubuntu.com/security/notices/USN-3353-4
www.cve.org/CVERecord?id=CVE-2017-11103
www.freebsd.org/security/advisories/FreeBSD-SA-17:05.heimdal.asc
www.orpheus-lyre.info/
www.samba.org/samba/security/CVE-2017-11103.html
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
92.7%