
CVE-2017-11103

Published: 13/07/2017 Updated: 18/08/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 605
CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Heimdal prior to 7.4 allows remote malicious users to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated.
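The following Python script is an added illustration of the extraction bug described above; it is not Heimdal's code and uses neither Kerberos ASN.1 nor real enctypes. It models a KDC-REP as a dict whose enc_part is sealed under the client's key (so the client can authenticate it) and whose Ticket carries a plaintext sname the client cannot verify, then contrasts a pre-7.4-style extractor that trusts the plaintext name with one that takes the name from enc_part and checks it against the request. The principal names, the toy encrypt-then-MAC cipher built from hmac/hashlib, the function names, and the precondition that the client was induced to request a ticket for a service whose key the attacker holds are all assumptions of the example.

```python
"""Added example (not Heimdal's code): why the KDC-REP server name must be
taken from the encrypted part, not from the plaintext Ticket.

Kerberos ASN.1 and real enctypes are replaced by dicts and a toy
encrypt-then-MAC cipher so the script runs offline. All principal
names, keys and function names are constructed for this example.
"""
import hashlib
import hmac
import json
import os

REALM = "EXAMPLE.ORG"
NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (toy cipher, not a Kerberos enctype)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, obj: dict) -> bytes:
    """Stand-in for Kerberos EncryptedData: encrypt-then-MAC of a JSON body."""
    plaintext = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> dict:
    """Verify the MAC, then decrypt. Any change to a sealed part is detected."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    pt = bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))
    return json.loads(pt)


def kdc_rep(client_key: bytes, service_key: bytes, cname: str, sname: str) -> dict:
    """KDC-REP as the KDC emits it. Only enc_part is authenticated to the client;
    the Ticket's outer realm/sname fields are plaintext anyone on the path can edit."""
    session_key = os.urandom(32).hex()
    return {
        "cname": cname,
        "ticket": {  # plaintext envelope around a blob sealed under the service key
            "realm": REALM,
            "sname": sname,
            "enc_part": seal(service_key, {"key": session_key, "cname": cname}),
        },
        "enc_part": seal(client_key, {"key": session_key, "srealm": REALM, "sname": sname}),
    }


def vulnerable_extract_ticket(client_key: bytes, rep: dict, requested_sname: str) -> dict:
    """Pre-7.4 behaviour as the advisory describes it: the server name under which
    the credential is cached is read from the unauthenticated Ticket."""
    enc = unseal(client_key, rep["enc_part"])
    return {"sname": rep["ticket"]["sname"], "key": enc["key"], "ticket": rep["ticket"]}


def fixed_extract_ticket(client_key: bytes, rep: dict, requested_sname: str) -> dict:
    """Corrected behaviour: the server name comes from enc_part and must match the
    request; the plaintext Ticket is carried opaquely for the service to decrypt."""
    enc = unseal(client_key, rep["enc_part"])
    if (enc["srealm"], enc["sname"]) != (REALM, requested_sname):
        raise ValueError(f"server name mismatch: KDC says {enc['sname']!r}, "
                         f"client requested {requested_sname!r}")
    return {"sname": enc["sname"], "key": enc["key"], "ticket": rep["ticket"]}


def fixed_accepts(client_key: bytes, rep: dict, requested_sname: str) -> bool:
    try:
        fixed_extract_ticket(client_key, rep, requested_sname)
        return True
    except ValueError:
        return False


def orpheus_lyre_scenario() -> dict:
    """Constructed scenario (assumption): the client was induced to request a ticket
    for a service whose key the attacker holds, and a MITM rewrites the plaintext
    sname to a high-value service before the reply reaches the client."""
    client_key = os.urandom(32)
    attacker_service_key = os.urandom(32)
    induced = "HTTP/attacker.example.org"
    target = "cifs/fileserver.example.org"

    rep = kdc_rep(client_key, attacker_service_key, "alice", induced)
    rep["ticket"]["sname"] = target  # the only field the MITM needs to change

    vuln = vulnerable_extract_ticket(client_key, rep, induced)
    fixed = fixed_extract_ticket(client_key, rep, induced)
    # The attacker can open the Ticket with their own service key and recover the
    # session key the vulnerable client now associates with `target`.
    attacker_key = unseal(attacker_service_key, rep["ticket"]["enc_part"])["key"]
    return {
        "vulnerable_cached_as": vuln["sname"],
        "fixed_cached_as": fixed["sname"],
        "attacker_knows_session_key": attacker_key == vuln["key"],
    }


if __name__ == "__main__":
    print(orpheus_lyre_scenario())
```

The vulnerable extractor files the credential under the attacker-chosen name with a session key the attacker can read, which is what lets the attacker complete mutual authentication as that service; the fixed extractor files it under the name the KDC actually authenticated, and refuses a reply whose authenticated name differs from the one requested.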

Vulnerable Products

Heimdal Project: Heimdal
FreeBSD: FreeBSD
Samba: Samba
Apple: Mac OS X
Apple: iPhone OS
Debian: Debian Linux 8.0
Debian: Debian Linux 9.0
Debian: Debian Linux 10.0

Vendor Advisories

Debian Bug report logs - #868208 CVE-2017-11103: MitM attack, impersonation of the Kerberos client, known as Orpheus' Lyre Package: src:heimdal; Maintainer for src:heimdal is Brian May <bam@debian.org>; Reported by: Raphael Hertzog <hertzog@debian.org> Date: Thu, 13 Jul 2017 05:00:02 UTC Severity: grave Tags: fixed-ups ...
Jeffrey Altman, Viktor Dukhovni and Nico Williams identified a mutual authentication bypass vulnerability in samba, the SMB/CIFS file, print, and login server. Also known as Orpheus' Lyre, this vulnerability is located in the Samba Kerberos Key Distribution Center (KDC-REP) component and could be used by an attacker on the network path to impersonate a ...
Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams reported that Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos, trusts metadata taken from the unauthenticated plaintext (Ticket), rather than the authenticated and encrypted KDC response. A man-in-the-middle attacker can use this flaw to impersonate services ...
Heimdal could allow unintended access to network services ...
Samba could allow unintended access to network services ...