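In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests. A failed assertion aborts the KDC process, so the impact is denial of service on that KDC until it is restarted. The signature entries below all cite upstream commit ffb35baac6981f9e8914f8f3bffd37f284b85970 as their source.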
[
{
"id": "CVE-2017-11368-16ce6abc",
"deprecated": false,
"digest": {
"length": 653.0,
"function_hash": "330028959243753203609613709933773874074"
},
"target": {
"file": "src/kdc/kdc_util.c",
"function": "kdc_process_s4u2proxy_req"
},
"source": "https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970",
"signature_version": "v1",
"signature_type": "Function"
},
{
"id": "CVE-2017-11368-5bf800eb",
"deprecated": false,
"digest": {
"length": 15624.0,
"function_hash": "83240240999769545177314307306634696539"
},
"target": {
"file": "src/kdc/do_tgs_req.c",
"function": "process_tgs_req"
},
"source": "https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970",
"signature_version": "v1",
"signature_type": "Function"
},
{
"id": "CVE-2017-11368-755de4b8",
"deprecated": false,
"digest": {
"length": 673.0,
"function_hash": "156221043922931185817485653085623573900"
},
"target": {
"file": "src/kdc/kdc_util.c",
"function": "kdc_process_for_user"
},
"source": "https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970",
"signature_version": "v1",
"signature_type": "Function"
},
{
"id": "CVE-2017-11368-a6179004",
"deprecated": false,
"digest": {
"line_hashes": [
"283975676019297401139999035662419444645",
"282672820768443496025395926450658577906",
"47215875968588905788377893875480578522",
"91415356043600347659629545620442554514",
"99052052106133597793956133896851414116",
"184992862356724350174483412619012981443",
"180808050400054218726783860965016757985",
"298778936289824725957268107039822507847",
"73155155861381541010112379124029782245",
"99432362990357885032626879684404162822",
"218227452749620134082433343964277257909",
"114506724569938914743330379561712543200",
"37246406000188172841916433720272670724",
"78014914416155917900049677080906534854",
"272232022684417892734841124247077554087",
"298769036358435233077422396747719161328",
"129707705023951043827643630971048549541",
"70541791018619243244654308933730348437"
],
"threshold": 0.9
},
"target": {
"file": "src/kdc/kdc_util.c"
},
"source": "https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970",
"signature_version": "v1",
"signature_type": "Line"
},
{
"id": "CVE-2017-11368-ae10ded1",
"deprecated": false,
"digest": {
"length": 771.0,
"function_hash": "74531147696732265420744333821386430488"
},
"target": {
"file": "src/kdc/kdc_util.c",
"function": "kdc_process_s4u_x509_user"
},
"source": "https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970",
"signature_version": "v1",
"signature_type": "Function"
},
{
"id": "CVE-2017-11368-ca597638",
"deprecated": false,
"digest": {
"line_hashes": [
"325367889476803086856633468511928700848",
"68989466184981042379603439399162329417",
"173256510690270124507023254971734967536",
"115082524213724777578031700444571321986"
],
"threshold": 0.9
},
"target": {
"file": "src/kdc/do_tgs_req.c"
},
"source": "https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970",
"signature_version": "v1",
"signature_type": "Line"
},
{
"id": "CVE-2017-11368-ea438f50",
"deprecated": false,
"digest": {
"line_hashes": [
"311703179622825782984481815100440141886",
"256372248361650419130344277581095724040",
"89102105830819084952166022460426190619",
"108192380190004863950675277511866253291",
"44123480385076308243782818462219067811"
],
"threshold": 0.9
},
"target": {
"file": "src/kdc/do_as_req.c"
},
"source": "https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970",
"signature_version": "v1",
"signature_type": "Line"
},
{
"id": "CVE-2017-11368-fcaca95d",
"deprecated": false,
"digest": {
"length": 7164.0,
"function_hash": "176621686112374436775066263314571356236"
},
"target": {
"file": "src/kdc/do_as_req.c",
"function": "finish_process_as_req"
},
"source": "https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970",
"signature_version": "v1",
"signature_type": "Function"
}
]