UBUNTU-CVE-2017-6594

Source
https://ubuntu.com/security/notices/UBUNTU-CVE-2017-6594
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-6594.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2017-6594
Published
2017-08-28T19:29:00Z
Modified
2017-08-28T19:29:00Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
[none]
Details

The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.

Affected packages

Ubuntu:Pro:14.04:LTS / heimdal

Package

Name
heimdal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.6~git20120403+dfsg1-3ubuntu0.1
1.6~git20120403+dfsg1-3ubuntu0.2
1.6~git20131207+dfsg-1ubuntu1
1.6~git20131207+dfsg-1ubuntu1.1
1.6~git20131207+dfsg-1ubuntu1.2
1.6~git20131207+dfsg-1ubuntu1.2+esm1
1.6~git20131207+dfsg-1ubuntu1.2+esm2
1.6~git20131207+dfsg-1ubuntu1.2+esm3
1.6~git20131207+dfsg-1ubuntu1.2+esm4

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:Pro:16.04:LTS / heimdal

Package

Name
heimdal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.6~rc2+dfsg-10ubuntu1
1.7~git20150920+dfsg-4ubuntu1
1.7~git20150920+dfsg-4ubuntu1.16.04.1
1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1
1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm2
1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm3
1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm4

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:18.04:LTS / heimdal

Package

Name
heimdal
Purl
pkg:deb/ubuntu/heimdal@7.4.0.dfsg.1-2?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.4.0.dfsg.1-2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "libasn1-8-heimdal": "7.4.0.dfsg.1-2",
            "heimdal-clients": "7.4.0.dfsg.1-2",
            "libhdb9-heimdal": "7.4.0.dfsg.1-2",
            "libgssapi3-heimdal": "7.4.0.dfsg.1-2",
            "libkrb5-26-heimdal": "7.4.0.dfsg.1-2",
            "libsl0-heimdal": "7.4.0.dfsg.1-2",
            "libkadm5srv8-heimdal": "7.4.0.dfsg.1-2",
            "heimdal-servers": "7.4.0.dfsg.1-2",
            "libhcrypto4-heimdal": "7.4.0.dfsg.1-2",
            "libotp0-heimdal": "7.4.0.dfsg.1-2",
            "heimdal-docs": "7.4.0.dfsg.1-2",
            "heimdal-dbg": "7.4.0.dfsg.1-2",
            "libwind0-heimdal": "7.4.0.dfsg.1-2",
            "libheimbase1-heimdal": "7.4.0.dfsg.1-2",
            "libkafs0-heimdal": "7.4.0.dfsg.1-2",
            "heimdal-kcm": "7.4.0.dfsg.1-2",
            "libroken18-heimdal": "7.4.0.dfsg.1-2",
            "heimdal-dev": "7.4.0.dfsg.1-2",
            "libheimntlm0-heimdal": "7.4.0.dfsg.1-2",
            "heimdal-kdc": "7.4.0.dfsg.1-2",
            "libhx509-5-heimdal": "7.4.0.dfsg.1-2",
            "libkdc2-heimdal": "7.4.0.dfsg.1-2",
            "libkadm5clnt7-heimdal": "7.4.0.dfsg.1-2",
            "heimdal-multidev": "7.4.0.dfsg.1-2"
        }
    ]
}