Lucene search
+L

23 matches found

euvd
euvd
•added 2025/10/07 12:30 a.m.•5 views

EUVD-2017-2740

Malware in sbrugna...

8.1CVSS7.1AI score0.05118EPSS
Exploits0References18
broadcom
broadcom
•added 2017/08/25 12:0 a.m.•6 views

BSA-2017-384

Security Advisory ID : BSA-2017-384 Component : HEIMDAL/ KERBEROS 5 Revision : 2.0: Interim OHeimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In...

8.1CVSS6.8AI score0.05118EPSS
Exploits0
nessus
nessus
•added 2017/07/24 12:0 a.m.•28 views

Fedora 25 : heimdal (2017-5d6a9e0c9c) (Orpheus' Lyre)

Update to 7.4.0 GA release CVE-2017-11103 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

8.1CVSS7AI score0.05118EPSS
Exploits0References2
nessus
nessus
•added 2017/07/17 12:0 a.m.•33 views

Debian DSA-3912-1 : heimdal - security update (Orpheus' Lyre)

Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams reported that Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos, trusts metadata taken from the unauthenticated plaintext Ticket, rather than the authenticated and encrypted KDC response. A man-in-the-middle...

8.1CVSS7AI score0.05118EPSS
Exploits0References6
nessus
nessus
•added 2017/07/17 12:0 a.m.•22 views

Debian DSA-3909-1 : samba - security update (Orpheus' Lyre)

Jeffrey Altman, Viktor Duchovni and Nico Williams identified a mutual authentication bypass vulnerability in samba, the SMB/CIFS file, print, and login server. Also known as Orpheus' Lyre, this vulnerability is located in Samba Kerberos Key Distribution Center KDC-REP component and could be used ...

8.1CVSS7AI score0.05118EPSS
Exploits0References7
nessus
nessus
•added 2017/07/17 12:0 a.m.•29 views

Debian DLA-1027-1 : heimdal security update (Orpheus' Lyre)

Jeffrey Altman, Viktor Duchovni and Nico Williams identified a mutual authentication bypass vulnerability in Heimdal Kerberos. Also known as Orpheus' Lyre, this vulnerability could be used by an attacker to mount a service impersonation attack on the client if he's on the network path between the...

8.1CVSS7AI score0.05118EPSS
Exploits0References4
nessus
nessus
•added 2017/07/14 12:0 a.m.•30 views

FreeBSD : samba -- Orpheus Lyre mutual authentication validation bypass (85851e4f-67d9-11e7-bc37-00505689d4ae) (Orpheus' Lyre)

The samba project reports : A MITM attacker may impersonate a trusted server and thus gain elevated access to the domain by returning malicious replication or authorization data. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

8.1CVSS7AI score0.05118EPSS
Exploits0References3
nvd
nvd
•added 2017/07/13 1:29 p.m.•15 views

CVE-2017-11103

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In krb5extractticket the KDC-REP service name must be obtained from the encrypted version stored i...

8.1CVSS8AI score0.05118EPSS
Exploits0References12
prion
prion
•added 2017/07/13 1:29 p.m.•31 views

Code injection

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In krb5extractticket the KDC-REP service name must be obtained from the encrypted version stored i...

6.8CVSS7.7AI score0.05118EPSS
Exploits0References12Affected Software5
cvelist
cvelist
•added 2017/07/13 1:0 p.m.•31 views

CVE-2017-11103

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In krb5extractticket the KDC-REP service name must be obtained from the encrypted version stored i...

8AI score0.05118EPSS
Exploits0References12
debiancve
debiancve
•added 2017/07/13 1:0 p.m.•28 views

CVE-2017-11103

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In krb5extractticket the KDC-REP service name must be obtained from the encrypted version stored i...

8.1CVSS6.7AI score0.05118EPSS
Exploits0
cve
cve
•added 2017/07/13 1:0 p.m.•628 views

CVE-2017-11103

CVE-2017-11103 affects Heimdal (Kerberos); vulnerability arises from improper handling of the KDC-REP service name in krb5_extract_ticket, enabling remote service impersonation when the unencrypted service name is used instead of the encrypted enc_part. Apple’s security content (HT208112/HT208221...

8.1CVSS7.9AI score0.05118EPSS
Exploits0References12Affected Software1
alpinelinux
alpinelinux
•added 2017/07/13 1:0 p.m.•49 views

CVE-2017-11103

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In krb5extractticket the KDC-REP service name must be obtained from the encrypted version stored i...

8.1CVSS8.1AI score0.05118EPSS
Exploits0
ubuntucve
ubuntucve
•added 2017/07/13 12:0 a.m.•24 views

CVE-2017-11103

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In krb5extractticket the KDC-REP service name must be obtained from the encrypted version stored i...

8.1CVSS6.8AI score0.05118EPSS
Exploits0References12
altlinux
altlinux
•added 2017/07/13 12:0 a.m.•71 views

Security fix for the ALT Linux 7 package samba version 4.5.12-alt1.M70P.1

4.5.12-alt1.M70P.1 built July 13, 2017 Evgeny Sinelnikov in task 185331 July 12, 2017 Evgeny Sinelnikov - Update to summer security release - Security fixes: + CVE-2017-11103 Orpheus' Lyre KDC-REP service name validation Samba binaries built against MIT Kerberos are not vulnerable...

6.8CVSS8.3AI score0.05118EPSS
Exploits0
altlinux
altlinux
•added 2017/07/13 12:0 a.m.•62 views

Security fix for the ALT Linux 7 package samba-DC version 4.5.12-alt1.M70P.1

4.5.12-alt1.M70P.1 built July 13, 2017 Evgeny Sinelnikov in task 185331 July 12, 2017 Evgeny Sinelnikov - Update to summer security release - Security fixes: + CVE-2017-11103 Orpheus' Lyre KDC-REP service name validation...

6.8CVSS8.3AI score0.05118EPSS
Exploits0
osv
osv
•added 2017/07/13 12:0 a.m.•2 views

UBUNTU-CVE-2017-11103

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In krb5extractticket the KDC-REP service name must be obtained from the encrypted version stored i...

8.1CVSS6.8AI score0.05118EPSS
Exploits0References13
redhatcve
redhatcve
•added 2017/07/12 8:24 a.m.•29 views

CVE-2017-11103

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In krb5extractticket the KDC-REP service name must be obtained from the encrypted version stored i...

8.1CVSS4.1AI score0.05118EPSS
Exploits0References2
altlinux
altlinux
•added 2017/07/12 12:0 a.m.•89 views

Security fix for the ALT Linux 8 package samba version July

July 12, 2017 Evgeny Sinelnikov 4.6.6-alt1 - Update to summer security release - Security fixes: + CVE-2017-11103 Orpheus' Lyre KDC-REP service name validation Samba binaries built against MIT Kerberos are not vulnerable...

6.8CVSS7AI score0.05118EPSS
Exploits0
altlinux
altlinux
•added 2017/07/12 12:0 a.m.•28 views

Security fix for the ALT Linux 8 package samba-DC version 4.6.6-alt1

July 12, 2017 Evgeny Sinelnikov 4.6.6-alt1 - Update to summer security release - Security fixes: + CVE-2017-11103 Orpheus' Lyre KDC-REP service name validation...

6.8CVSS7.1AI score0.05118EPSS
Exploits0
Rows per page
Query Builder