CVE-2017-11103

HIGH EPSS 91.4%
Published Jul 13, 20178y ago · Modified Jun 17, 20262w ago
8.1 CVSS 3.1
High
Find Similar
Published Jul 13, 2017 8y ago
Last Modified Jun 17, 2026 2w ago

Description

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated.

CVSS Details

Base Score
8.1
Exploitability
2.2
Impact
5.9
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
91.4% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-345

Affected Products 10

VendorProductVersionRange
heimdal_projectheimdal* <7.4.0
freebsdfreebsd*any
sambasamba*≥4.0.0  –  <4.4.15
sambasamba*≥4.5.0  –  <4.5.12
sambasamba*≥4.6.0  –  <4.6.6
appleiphone_os* <11.0
applemac_os_x* <10.13.1
debiandebian_linux8.0any
debiandebian_linux9.0any
debiandebian_linux10.0any

References 12

  • debian.org http://www.debian.org/security/2017/dsa-3912
    Third Party Advisory
  • h5l.org http://www.h5l.org/advisories.html?show=2017-07-11
    Broken Link
  • securityfocus.com http://www.securityfocus.com/bid/99551
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1038876
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1039427
    Third Party AdvisoryVDB Entry
  • github.com https://github.com/heimdal/heimdal/releases/tag/heimdal-7.4.0
    Release Notes
  • support.apple.com https://support.apple.com/HT208112
    Third Party Advisory
  • support.apple.com https://support.apple.com/HT208144
    Third Party Advisory
  • support.apple.com https://support.apple.com/HT208221
    Third Party Advisory
  • freebsd.org https://www.freebsd.org/security/advisories/FreeBSD-SA-17:05.heimdal.asc
    Third Party Advisory
  • orpheus-lyre.info https://www.orpheus-lyre.info/
    Third Party Advisory
  • samba.org https://www.samba.org/samba/security/CVE-2017-11103.html
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.