Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSD3F3837CC-48FB-4414-AA46-5B1C23C9FEAE
HistoryJul 14, 2017 - 12:00 a.m.

krb5 -- Multiple vulnerabilities

2017-07-1400:00:00
vuxml.freebsd.org
17

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.2%

JSON

MIT reports:

CVE-2017-11368:
In MIT krb5 1.7 and later, an authenticated attacker can cause an
assertion failure in krb5kdc by sending an invalid S4U2Self or
S4U2Proxy request.

CVE-2017-11462:
RFC 2744 permits a GSS-API implementation to delete an existing
security context on a second or subsequent call to gss_init_sec_context()
or gss_accept_sec_context() if the call results in an error.
This API behavior has been found to be dangerous, leading to the
possibility of memory errors in some callers. For safety, GSS-API
implementations should instead preserve existing security contexts
on error until the caller deletes them.
All versions of MIT krb5 prior to this change may delete acceptor
contexts on error. Versions 1.13.4 through 1.13.7, 1.14.1 through
1.14.5, and 1.15 through 1.15.1 may also delete initiator contexts
on error.

Related

nessus 29
archlinux 2
altlinux 1
ubuntucve 2
ibm 9
fedora 6
redhatcve 2
debian 1
prion 2
osv 3
openvas 20
debiancve 2
mageia 2
cve 2
oraclelinux 1
redhat 1
amazon 2
centos 1
photon 1
nessus
nessus
FreeBSD : krb5 -- Multiple vulnerabilities (3f3837cc-48fb-4414-aa46-5b1c23c9feae)
2017-10-19 00:00:00
Fedora 26 : krb5 (2017-e5b36383f4)
2017-07-26 00:00:00
Fedora 27 : krb5 (2017-7a22a80c7e)
2018-01-15 00:00:00
archlinux
archlinux
[ASA-201710-8] krb5: multiple issues
2017-10-05 00:00:00
[ASA-201710-9] lib32-krb5: arbitrary code execution
2017-10-05 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package krb5 version 1.14.6-alt1.M80P.1
2018-05-03 00:00:00
ubuntucve
ubuntucve
CVE-2017-11462
2017-09-13 00:00:00
CVE-2017-11368
2017-08-09 00:00:00
ibm
ibm
Security Bulletin: IBM DataPower Gateway is affected by a vulnerability in Kerberos (CVE-2017-11462)
2019-11-06 15:00:30
Security Bulletin: IBM Tivoli Access Manager for e-business and IBM Security Access Manager releases are affected by a Kerberos vulnerability (CVE-2017-11462)
2018-10-17 14:55:02
Security Bulletin: IBM MQ Appliance is affected by an MIT Kerberos 5 vulnerability (CVE-2017-11462)
2020-01-23 15:04:33
fedora
fedora
[SECURITY] Fedora 27 Update: krb5-1.15.1-28.fc27
2017-09-30 07:26:52
[SECURITY] Fedora 26 Update: krb5-1.15.1-28.fc26
2017-09-09 23:57:12
[SECURITY] Fedora 25 Update: krb5-1.14.4-8.fc25
2017-07-25 00:30:20
redhatcve
redhatcve
CVE-2017-11462
2017-09-06 11:48:38
CVE-2017-11368
2017-07-21 07:48:44
debian
debian
[SECURITY] [DLA 1058-1] krb5 security update
2017-08-14 20:48:05
prion
prion
Double free
2017-09-13 16:29:00
Authentication flaw
2017-08-09 18:29:00
osv
osv
CVE-2017-11462
2017-09-13 16:29:00
krb5 - security update
2017-08-14 00:00:00
CVE-2017-11368
2017-08-09 18:29:01
openvas
openvas
Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2019-2162)
2020-01-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:2659-1)
2021-04-19 00:00:00
Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2019-2058)
2020-01-23 00:00:00
debiancve
debiancve
CVE-2017-11462
2017-09-13 16:29:00
CVE-2017-11368
2017-08-09 18:29:00
mageia
mageia
Updated krb5 packages fix security vulnerability
2017-08-12 13:13:00
Updated krb5 packages fix security vulnerabilities
2017-11-21 00:18:02
cve
cve
CVE-2017-11368
2017-08-09 18:29:00
CVE-2017-11462
2017-09-13 16:29:00
oraclelinux
oraclelinux
krb5 security, bug fix, and enhancement update
2018-04-16 00:00:00
redhat
redhat
(RHSA-2018:0666) Moderate: krb5 security, bug fix, and enhancement update
2018-04-10 04:57:46
amazon
amazon
Medium: krb5
2018-09-05 19:27:00
Medium: krb5
2018-05-10 17:18:00
centos
centos
krb5, libkadm5 security update
2018-04-26 17:43:57
photon
photon
Critical Photon OS Security Update - PHSA-2017-0076
2017-10-06 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.2%

JSON
Related for 3F3837CC-48FB-4414-AA46-5B1C23C9FEAE
nessus29archlinux2altlinux1ubuntucve2ibm9fedora6redhatcve2debian1prion2osv3openvas20debiancve2mageia2cve2oraclelinux1redhat1amazon2centos1photon1