CVE-2017-6594
Published: 28 August 2017
The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.
Notes
Author | Note |
---|---|
ratliff | Upstream: "[the fix] may break sites that rely on the bug." |
mdeslaur | heimdal-kdc package is in universe |
ccdm94 | in the commit that fixes this issue, upstream mentions that there might be applications that use this bug as a "feature" when sometimes authenticating in cross-realm configurations, meaning that applying the proposed fix could end up breaking said applications. In order to avoid regressions for applications that use heimdal in xenial and earlier, this issue will be marked as ignored for those releases. |
Priority
Status
Package | Release | Status |
---|---|---|
heimdal Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(7.4.0.dfsg.1-2)
|
bionic |
Not vulnerable
(7.4.0.dfsg.1-2)
|
|
cosmic |
Not vulnerable
(7.4.0.dfsg.1-2)
|
|
disco |
Not vulnerable
(7.4.0.dfsg.1-2)
|
|
eoan |
Not vulnerable
(7.4.0.dfsg.1-2)
|
|
focal |
Not vulnerable
(7.4.0.dfsg.1-2)
|
|
groovy |
Not vulnerable
(7.4.0.dfsg.1-2)
|
|
hirsute |
Not vulnerable
(7.4.0.dfsg.1-2)
|
|
impish |
Not vulnerable
(7.4.0.dfsg.1-2)
|
|
jammy |
Not vulnerable
(7.4.0.dfsg.1-2)
|
|
kinetic |
Not vulnerable
(7.4.0.dfsg.1-2)
|
|
precise |
Ignored
(end of life)
|
|
trusty |
Ignored
(regressions likely)
|
|
upstream |
Released
(7.1.0+dfsg-12)
|
|
xenial |
Ignored
(regressions likely)
|
|
yakkety |
Ignored
(end of life)
|
|
zesty |
Ignored
(end of life)
|
|
Patches: upstream: https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837 |
||
Binaries built from this source package are in Universe and so are supported by the community. |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | High |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |