23 matches found
EUVD-2017-2740
Malware in sbrugna...
BSA-2017-384
Security Advisory ID : BSA-2017-384 Component : HEIMDAL/ KERBEROS 5 Revision : 2.0: Interim OHeimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In...
Fedora 25 : heimdal (2017-5d6a9e0c9c) (Orpheus' Lyre)
Update to 7.4.0 GA release CVE-2017-11103 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Debian DSA-3912-1 : heimdal - security update (Orpheus' Lyre)
Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams reported that Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos, trusts metadata taken from the unauthenticated plaintext Ticket, rather than the authenticated and encrypted KDC response. A man-in-the-middle...
Debian DSA-3909-1 : samba - security update (Orpheus' Lyre)
Jeffrey Altman, Viktor Duchovni and Nico Williams identified a mutual authentication bypass vulnerability in samba, the SMB/CIFS file, print, and login server. Also known as Orpheus' Lyre, this vulnerability is located in Samba Kerberos Key Distribution Center KDC-REP component and could be used ...
Debian DLA-1027-1 : heimdal security update (Orpheus' Lyre)
Jeffrey Altman, Viktor Duchovni and Nico Williams identified a mutual authentication bypass vulnerability in Heimdal Kerberos. Also known as Orpheus' Lyre, this vulnerability could be used by an attacker to mount a service impersonation attack on the client if he's on the network path between the...
FreeBSD : samba -- Orpheus Lyre mutual authentication validation bypass (85851e4f-67d9-11e7-bc37-00505689d4ae) (Orpheus' Lyre)
The samba project reports : A MITM attacker may impersonate a trusted server and thus gain elevated access to the domain by returning malicious replication or authorization data. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
CVE-2017-11103
Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In krb5extractticket the KDC-REP service name must be obtained from the encrypted version stored i...
Code injection
Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In krb5extractticket the KDC-REP service name must be obtained from the encrypted version stored i...
CVE-2017-11103
Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In krb5extractticket the KDC-REP service name must be obtained from the encrypted version stored i...
CVE-2017-11103
Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In krb5extractticket the KDC-REP service name must be obtained from the encrypted version stored i...
CVE-2017-11103
CVE-2017-11103 affects Heimdal (Kerberos); vulnerability arises from improper handling of the KDC-REP service name in krb5_extract_ticket, enabling remote service impersonation when the unencrypted service name is used instead of the encrypted enc_part. Appleās security content (HT208112/HT208221...
CVE-2017-11103
Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In krb5extractticket the KDC-REP service name must be obtained from the encrypted version stored i...
CVE-2017-11103
Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In krb5extractticket the KDC-REP service name must be obtained from the encrypted version stored i...
Security fix for the ALT Linux 7 package samba version 4.5.12-alt1.M70P.1
4.5.12-alt1.M70P.1 built July 13, 2017 Evgeny Sinelnikov in task 185331 July 12, 2017 Evgeny Sinelnikov - Update to summer security release - Security fixes: + CVE-2017-11103 Orpheus' Lyre KDC-REP service name validation Samba binaries built against MIT Kerberos are not vulnerable...
Security fix for the ALT Linux 7 package samba-DC version 4.5.12-alt1.M70P.1
4.5.12-alt1.M70P.1 built July 13, 2017 Evgeny Sinelnikov in task 185331 July 12, 2017 Evgeny Sinelnikov - Update to summer security release - Security fixes: + CVE-2017-11103 Orpheus' Lyre KDC-REP service name validation...
UBUNTU-CVE-2017-11103
Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In krb5extractticket the KDC-REP service name must be obtained from the encrypted version stored i...
CVE-2017-11103
Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In krb5extractticket the KDC-REP service name must be obtained from the encrypted version stored i...
Security fix for the ALT Linux 8 package samba version July
July 12, 2017 Evgeny Sinelnikov 4.6.6-alt1 - Update to summer security release - Security fixes: + CVE-2017-11103 Orpheus' Lyre KDC-REP service name validation Samba binaries built against MIT Kerberos are not vulnerable...
Security fix for the ALT Linux 8 package samba-DC version 4.6.6-alt1
July 12, 2017 Evgeny Sinelnikov 4.6.6-alt1 - Update to summer security release - Security fixes: + CVE-2017-11103 Orpheus' Lyre KDC-REP service name validation...