FKIE_CVE-2017-17439

Vulnerability from fkie_nvd - Published: 2017-12-06 15:29 - Updated: 2025-04-20 01:37
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c.
References
cve@mitre.orghttp://h5l.org/advisories.html?show=2017-12-08
cve@mitre.orghttp://www.h5l.org/pipermail/heimdal-announce/2017-December/000008.html
cve@mitre.orghttp://www.h5l.org/pipermail/heimdal-discuss/2017-August/000259.htmlThird Party Advisory
cve@mitre.orghttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144Issue Tracking, Mailing List, Third Party Advisory
cve@mitre.orghttps://github.com/heimdal/heimdal/commit/1a6a6e462dc2ac6111f9e02c6852ddec4849b887Third Party Advisory
cve@mitre.orghttps://github.com/heimdal/heimdal/issues/353Patch, Third Party Advisory
cve@mitre.orghttps://www.debian.org/security/2017/dsa-4055Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://h5l.org/advisories.html?show=2017-12-08
af854a3a-2127-422b-91ae-364da2661108http://www.h5l.org/pipermail/heimdal-announce/2017-December/000008.html
af854a3a-2127-422b-91ae-364da2661108http://www.h5l.org/pipermail/heimdal-discuss/2017-August/000259.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144Issue Tracking, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/heimdal/heimdal/commit/1a6a6e462dc2ac6111f9e02c6852ddec4849b887Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/heimdal/heimdal/issues/353Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2017/dsa-4055Third Party Advisory
Impacted products
Vendor Product Version
debian debian_linux 9.0
heimdal_project heimdal *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:heimdal_project:heimdal:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CFD4426-D9E3-4F45-8E0C-EC2DC17F5C00",
              "versionEndIncluding": "7.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c."
    },
    {
      "lang": "es",
      "value": "En Heimdal hasta la versi\u00f3n 7.4 atacantes remotos no autenticados pueden provocar el cierre inesperado del KDC enviando un paquete UDP manipulado que contenga campos de datos vac\u00edos para el nombre del cliente o para el realm. En ese caso, el analizador sint\u00e1ctico desreferenciar\u00e1 punteros NULL incondicionalmente, lo que dar\u00e1 lugar a un fallo de segmentaci\u00f3n. Esto est\u00e1 relacionado con la funci\u00f3n _kdc_as_rep en kdc/kerberos5.c y la funci\u00f3n der_length_visible_string function en lib/asn1/der_length.c."
    }
  ],
  "id": "CVE-2017-17439",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-12-06T15:29:00.250",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://h5l.org/advisories.html?show=2017-12-08"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.h5l.org/pipermail/heimdal-announce/2017-December/000008.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.h5l.org/pipermail/heimdal-discuss/2017-August/000259.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/heimdal/heimdal/commit/1a6a6e462dc2ac6111f9e02c6852ddec4849b887"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/heimdal/heimdal/issues/353"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4055"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h5l.org/advisories.html?show=2017-12-08"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.h5l.org/pipermail/heimdal-announce/2017-December/000008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.h5l.org/pipermail/heimdal-discuss/2017-August/000259.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/heimdal/heimdal/commit/1a6a6e462dc2ac6111f9e02c6852ddec4849b887"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/heimdal/heimdal/issues/353"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4055"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.