21 matches found
BELL-CVE-2017-11103 CVE-2017-11103 does not affect BellSoft software
Bulletin has no description...
Mageia: Security Advisory (MGASA-2017-0326)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2017:2237-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2020-2110)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated samba packages fix security vulnerability
Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Samba clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network servers or perform other attacks CVE-2017-11103. The samba package has been updated...
Security update for samba and resource-agents (important)
This update provides Samba 4.6.7, which fixes the following issues: - CVE-2017-11103: Metadata were being taken from the unauthenticated plaintext the Ticket rather than the authenticated and encrypted KDC response. bsc1048278 - Fix cephwrapchdir. bsc1048790 - Fix ctdb logs to /var/log/log.ctdb...
openSUSE Security Update : samba and resource-agents (openSUSE-2017-987) (Orpheus' Lyre)
This update provides Samba 4.6.7, which fixes the following issues : - CVE-2017-11103: Metadata were being taken from the unauthenticated plaintext the Ticket rather than the authenticated and encrypted KDC response. bsc1048278 - Fix cephwrapchdir. bsc1048790 - Fix ctdb logs to /var/log/log.ctdb...
openSUSE: Security Advisory for samba (openSUSE-SU-2017:2311-1)
The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE SLED12 / SLES12 Security Update : samba / resource-agents (SUSE-SU-2017:2237-1) (Orpheus' Lyre)
This update provides Samba 4.6.7, which fixes the following issues : - CVE-2017-11103: Metadata were being taken from the unauthenticated plaintext the Ticket rather than the authenticated and encrypted KDC response. bsc1048278 - Fix cephwrapchdir. bsc1048790 - Fix ctdb logs to /var/log/log.ctdb...
openSUSE Security Update : libheimdal (openSUSE-2017-937) (Orpheus' Lyre)
This update for libheimdal fixes the following issues : - Fix CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation. This is a critical vulnerability. In krb5extractticket the KDC-REP service name must be obtained from encrypted version stored in 'encpart' instead of the unencrypted versi...
QNAP QTS < 4.2.6 build 20170729, 4.3.x < 4.3.3 build 20170727 Multiple Vulnerabilities
QNAP QTS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qts"; ifdescription...
Fedora 25 : heimdal (2017-5d6a9e0c9c) (Orpheus' Lyre)
Update to 7.4.0 GA release CVE-2017-11103 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
[SECURITY] [DSA 3912-1] heimdal security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3912-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 16, 2017 https://www.debian.org/security/faq -...
Debian Security Advisory DSA 3909-1 (samba - security update)
Jeffrey Altman, Viktor Duchovni and Nico Williams identified a mutual authentication bypass vulnerability in samba, the SMB/CIFS file, print, and login server. Also known as Orpheus OpenVAS Vulnerability Test $Id: deb3909.nasl 6800 2017-07-26 06:58:22Z cfischer $ Auto-generated from advisory DSA...
CVE-2017-11103
CVE-2017-11103 affects Heimdal (Kerberos); vulnerability arises from improper handling of the KDC-REP service name in krb5_extract_ticket, enabling remote service impersonation when the unencrypted service name is used instead of the encrypted enc_part. Appleās security content (HT208112/HT208221...
Security fix for the ALT Linux 7 package samba-DC version 4.5.12-alt1.M70P.1
4.5.12-alt1.M70P.1 built July 13, 2017 Evgeny Sinelnikov in task 185331 July 12, 2017 Evgeny Sinelnikov - Update to summer security release - Security fixes: + CVE-2017-11103 Orpheus' Lyre KDC-REP service name validation...
Security fix for the ALT Linux 7 package samba version 4.5.12-alt1.M70P.1
4.5.12-alt1.M70P.1 built July 13, 2017 Evgeny Sinelnikov in task 185331 July 12, 2017 Evgeny Sinelnikov - Update to summer security release - Security fixes: + CVE-2017-11103 Orpheus' Lyre KDC-REP service name validation Samba binaries built against MIT Kerberos are not vulnerable...
Orpheus' Lyre mutual authentication validation bypass
All versions of Samba from 4.0.0 include an embedded copy of Heimdal Kerberos. Heimdal has made a security release, which disclosed: Fix CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation This is a critical vulnerability. In krb5extractticket the KDC-REP service name must be obtained...
Security fix for the ALT Linux 8 package samba-DC version 4.6.6-alt1
July 12, 2017 Evgeny Sinelnikov 4.6.6-alt1 - Update to summer security release - Security fixes: + CVE-2017-11103 Orpheus' Lyre KDC-REP service name validation...
Security fix for the ALT Linux 10 package samba version 4.6.6-alt1.S1
July 12, 2017 Evgeny Sinelnikov 4.6.6-alt1.S1 - Update to summer security release - Security fixes: + CVE-2017-11103 Orpheus' Lyre KDC-REP service name validation...