cve-2017-17439
Vulnerability from cvelistv5
Published
2017-12-06 15:00
Modified
2024-08-05 20:51
Severity ?
Summary
In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c.
References
cve@mitre.orghttp://h5l.org/advisories.html?show=2017-12-08
cve@mitre.orghttp://www.h5l.org/pipermail/heimdal-announce/2017-December/000008.html
cve@mitre.orghttp://www.h5l.org/pipermail/heimdal-discuss/2017-August/000259.htmlThird Party Advisory
cve@mitre.orghttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144Issue Tracking, Mailing List, Third Party Advisory
cve@mitre.orghttps://github.com/heimdal/heimdal/commit/1a6a6e462dc2ac6111f9e02c6852ddec4849b887Third Party Advisory
cve@mitre.orghttps://github.com/heimdal/heimdal/issues/353Patch, Third Party Advisory
cve@mitre.orghttps://www.debian.org/security/2017/dsa-4055Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://h5l.org/advisories.html?show=2017-12-08
af854a3a-2127-422b-91ae-364da2661108http://www.h5l.org/pipermail/heimdal-announce/2017-December/000008.html
af854a3a-2127-422b-91ae-364da2661108http://www.h5l.org/pipermail/heimdal-discuss/2017-August/000259.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144Issue Tracking, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/heimdal/heimdal/commit/1a6a6e462dc2ac6111f9e02c6852ddec4849b887Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/heimdal/heimdal/issues/353Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2017/dsa-4055Third Party Advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:51:31.511Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/heimdal/heimdal/commit/1a6a6e462dc2ac6111f9e02c6852ddec4849b887"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.h5l.org/pipermail/heimdal-announce/2017-December/000008.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.h5l.org/pipermail/heimdal-discuss/2017-August/000259.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/heimdal/heimdal/issues/353"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://h5l.org/advisories.html?show=2017-12-08"
          },
          {
            "name": "DSA-4055",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4055"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-12-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-29T23:57:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/heimdal/heimdal/commit/1a6a6e462dc2ac6111f9e02c6852ddec4849b887"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.h5l.org/pipermail/heimdal-announce/2017-December/000008.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.h5l.org/pipermail/heimdal-discuss/2017-August/000259.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/heimdal/heimdal/issues/353"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://h5l.org/advisories.html?show=2017-12-08"
        },
        {
          "name": "DSA-4055",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4055"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-17439",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144",
              "refsource": "CONFIRM",
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144"
            },
            {
              "name": "https://github.com/heimdal/heimdal/commit/1a6a6e462dc2ac6111f9e02c6852ddec4849b887",
              "refsource": "CONFIRM",
              "url": "https://github.com/heimdal/heimdal/commit/1a6a6e462dc2ac6111f9e02c6852ddec4849b887"
            },
            {
              "name": "http://www.h5l.org/pipermail/heimdal-announce/2017-December/000008.html",
              "refsource": "CONFIRM",
              "url": "http://www.h5l.org/pipermail/heimdal-announce/2017-December/000008.html"
            },
            {
              "name": "http://www.h5l.org/pipermail/heimdal-discuss/2017-August/000259.html",
              "refsource": "MISC",
              "url": "http://www.h5l.org/pipermail/heimdal-discuss/2017-August/000259.html"
            },
            {
              "name": "https://github.com/heimdal/heimdal/issues/353",
              "refsource": "CONFIRM",
              "url": "https://github.com/heimdal/heimdal/issues/353"
            },
            {
              "name": "http://h5l.org/advisories.html?show=2017-12-08",
              "refsource": "CONFIRM",
              "url": "http://h5l.org/advisories.html?show=2017-12-08"
            },
            {
              "name": "DSA-4055",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4055"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-17439",
    "datePublished": "2017-12-06T15:00:00",
    "dateReserved": "2017-12-06T00:00:00",
    "dateUpdated": "2024-08-05T20:51:31.511Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:heimdal_project:heimdal:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.4.0\", \"matchCriteriaId\": \"6CFD4426-D9E3-4F45-8E0C-EC2DC17F5C00\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c.\"}, {\"lang\": \"es\", \"value\": \"En Heimdal hasta la versi\\u00f3n 7.4 atacantes remotos no autenticados pueden provocar el cierre inesperado del KDC enviando un paquete UDP manipulado que contenga campos de datos vac\\u00edos para el nombre del cliente o para el realm. En ese caso, el analizador sint\\u00e1ctico desreferenciar\\u00e1 punteros NULL incondicionalmente, lo que dar\\u00e1 lugar a un fallo de segmentaci\\u00f3n. Esto est\\u00e1 relacionado con la funci\\u00f3n _kdc_as_rep en kdc/kerberos5.c y la funci\\u00f3n der_length_visible_string function en lib/asn1/der_length.c.\"}]",
      "id": "CVE-2017-17439",
      "lastModified": "2024-11-21T03:17:56.440",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-12-06T15:29:00.250",
      "references": "[{\"url\": \"http://h5l.org/advisories.html?show=2017-12-08\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.h5l.org/pipermail/heimdal-announce/2017-December/000008.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.h5l.org/pipermail/heimdal-discuss/2017-August/000259.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/heimdal/heimdal/commit/1a6a6e462dc2ac6111f9e02c6852ddec4849b887\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/heimdal/heimdal/issues/353\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2017/dsa-4055\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://h5l.org/advisories.html?show=2017-12-08\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.h5l.org/pipermail/heimdal-announce/2017-December/000008.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.h5l.org/pipermail/heimdal-discuss/2017-August/000259.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/heimdal/heimdal/commit/1a6a6e462dc2ac6111f9e02c6852ddec4849b887\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/heimdal/heimdal/issues/353\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2017/dsa-4055\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-476\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-17439\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-12-06T15:29:00.250\",\"lastModified\":\"2024-11-21T03:17:56.440\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c.\"},{\"lang\":\"es\",\"value\":\"En Heimdal hasta la versi\u00f3n 7.4 atacantes remotos no autenticados pueden provocar el cierre inesperado del KDC enviando un paquete UDP manipulado que contenga campos de datos vac\u00edos para el nombre del cliente o para el realm. En ese caso, el analizador sint\u00e1ctico desreferenciar\u00e1 punteros NULL incondicionalmente, lo que dar\u00e1 lugar a un fallo de segmentaci\u00f3n. Esto est\u00e1 relacionado con la funci\u00f3n _kdc_as_rep en kdc/kerberos5.c y la funci\u00f3n der_length_visible_string function en lib/asn1/der_length.c.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:heimdal_project:heimdal:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.4.0\",\"matchCriteriaId\":\"6CFD4426-D9E3-4F45-8E0C-EC2DC17F5C00\"}]}]}],\"references\":[{\"url\":\"http://h5l.org/advisories.html?show=2017-12-08\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.h5l.org/pipermail/heimdal-announce/2017-December/000008.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.h5l.org/pipermail/heimdal-discuss/2017-August/000259.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/heimdal/heimdal/commit/1a6a6e462dc2ac6111f9e02c6852ddec4849b887\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/heimdal/heimdal/issues/353\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2017/dsa-4055\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://h5l.org/advisories.html?show=2017-12-08\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.h5l.org/pipermail/heimdal-announce/2017-December/000008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.h5l.org/pipermail/heimdal-discuss/2017-August/000259.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/heimdal/heimdal/commit/1a6a6e462dc2ac6111f9e02c6852ddec4849b887\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/heimdal/heimdal/issues/353\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2017/dsa-4055\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.