28 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-11368
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In MIT Kerberos 5 aka krb5 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests...
Mageia: Security Advisory (MGASA-2017-0256)
The remote host is missing an update for the...
EulerOS Virtualization for ARM 64 3.0.2.0 : krb5 (EulerOS-SA-2021-1403)
According to the versions of the krb5 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Kerberos is a network authentication system. The krb5-server package contains the programs that must be installed on a...
Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2021-1403)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 2.5.3 : krb5 (EulerOS-SA-2019-1167)
According to the versions of the krb5 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An authentication bypass flaw was found in the way krb5's certauth interface handled the validation of client certificates. A remot...
EulerOS Virtualization 2.5.2 : krb5 (EulerOS-SA-2018-1408)
According to the versions of the krb5 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client...
EulerOS 2.0 SP3 : krb5 (EulerOS-SA-2018-1361)
According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A denial of service flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to exit with an...
Amazon Linux AMI : krb5 (ALAS-2018-1010)
A denial of service flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to exit with an assertion failure by making an invalid S4U2Self or S4U2Proxy request. (CVE-2017-11368) An authentication bypass flaw was found in the way krb5's certauth...
Medium: krb5
Issue Overview: A denial of service flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to exit with an assertion failure by making an invalid S4U2Self or S4U2Proxy request. (CVE-2017-11368) An authentication bypass flaw was found in the way...
Security Bulletin: IBM Security Access Manager Appliance is affected by Kerberos vulnerabilities (CVE-2017-11368, CVE-2017-7562)
Summary IBM Security Access Manager Appliance has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2017-11368 DESCRIPTION: MIT Kerberos 5 is vulnerable to a denial of service, caused by a KDC assertion failure. By sending a specially-crafted request, a remote authenticate...
Medium: krb5
Issue Overview: Authentication bypass by improper validation of certificate EKU and SAN An authentication bypass flaw was found in the way krb5's certauth interface handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to...
Security fix for the ALT Linux 8 package krb5 version 1.14.6-alt1.M80P.1
1.14.6-alt1.M80P.1 built May 3, 2018 Evgeny Sinelnikov in task 204403 April 17, 2018 Evgeny Sinelnikov - Update to latest security release of krb5-1.14 - Security fixes: + CVE-2017-11368 Fix a KDC denial of service vulnerability caused by unset status strings + CVE-2017-11462 Preserve GSS context...
Scientific Linux Security Update : krb5 on SL7.x x86_64 (20180410)
Security Fixes : - krb5: Authentication bypass by improper validation of certificate EKU and SAN CVE-2017-7562 - krb5: Invalid S4U2Self or S4U2Proxy request causes assertion failure CVE-2017-11368 Additional Changes : (C) Tenable Network Security, Inc. The descriptive text is (C) Scientific Linux...
CentOS 7 : krb5 (CESA-2018:0666)
An update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...
krb5, libkadm5 security update
CentOS Errata and Security Advisory CESA-2018:0666 An update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Oracle Linux 7 : krb5 (ELSA-2018-0666)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-0666 advisory. - Fix CVE-2017-7562 certauth eku bypass - Fix CVE-2017-11368 s4u2 request assertion failures Tenable has extracted the preceding description block...
krb5 security, bug fix, and enhancement update
1.15.1-18 - Expose context errors in pkinit_server_plugin_init - Resolves: 1460089 1.15.1-17 - Drop certauth test changes that prevented running it - Resolves: 1498767 1.15.1-16 - Drop irrelevant DIR trigger logic - Resolves: 1431198 1.15.1-15 - Fix CVE-2017-7562 certauth eku bypass - Resolves: 14987...
FreeBSD : krb5 -- Multiple vulnerabilities (3f3837cc-48fb-4414-aa46-5b1c23c9feae)
MIT reports : CVE-2017-11368 : In MIT krb5 1.7 and later, an authenticated attacker can cause an assertion failure in krb5kdc by sending an invalid S4U2Self or S4U2Proxy request. CVE-2017-11462 : RFC 2744 permits a GSS-API implementation to delete an existing security context on a second or...
[ASA-201710-8] krb5: multiple issues
Arch Linux Security Advisory ASA-201710-8 ========================================= Severity: High Date : 2017-10-05 CVE-ID : CVE-2017-11368 CVE-2017-11462 Package : krb5 Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-414 Summary ======= The package krb5 before...
[SECURITY] [DLA 1058-1] krb5 security update
From: Lucas Kanashiro [email protected] To: [email protected] Subject: SECURITY DLA 1058-1 krb5 security update Package : krb5 Version : 1.10.1+dfsg-5+deb7u8 CVE ID : CVE-2017-11368 Debian Bug : 869260 In MIT Kerberos 5 aka krb5 1.7 and later, an authenticated attacker can...