CVE-2017-11462 - OpenCVE

Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Mit	Kerberos 5
Fedoraproject	Fedora

Configuration 1 [-]

OR	cpe:2.3:a:mit:kerberos_5:1.14:::::::*
	cpe:2.3:a:mit:kerberos_5:1.14:alpha1::::::
	cpe:2.3:a:mit:kerberos_5:1.14:beta1::::::
	cpe:2.3:a:mit:kerberos_5:1.14:beta2::::::
	cpe:2.3:a:mit:kerberos_5:1.14.1:::::::*
	cpe:2.3:a:mit:kerberos_5:1.14.2:::::::*
	cpe:2.3:a:mit:kerberos_5:1.14.3:::::::*
	cpe:2.3:a:mit:kerberos_5:1.14.4:::::::*
	cpe:2.3:a:mit:kerberos_5:1.14.5:::::::*
	cpe:2.3:a:mit:kerberos_5:1.15:::::::*
	cpe:2.3:a:mit:kerberos_5:1.15.1:::::::*
	cpe:2.3:a:mit:kerberos_5:1.15.1:beta1::::::
	cpe:2.3:a:mit:kerberos_5:1.15.1:beta2::::::

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:25:::::::*
	cpe:2.3:o:fedoraproject:fedora:26:::::::*

References

Link	Resource
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1488873	Issue Tracking Patch Third Party Advisory VDB Entry
https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf	Patch Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FPRUP4YVOEBGEROUYWZFEQ64HTMGNED/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-09-13T16:00:00

Updated: 2017-09-13T15:57:01

Reserved: 2017-07-19T00:00:00

Link: CVE-2017-11462

JSON object: View

NVD Information

Status : Modified

Published: 2017-09-13T16:29:00.430

Modified: 2023-11-07T02:38:15.090

Link: CVE-2017-11462

JSON object: View

Redhat Information

No data.

CWE

CWE-415

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-09-09T00:00:00", "descriptions": [{"lang": "en", "value": "Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-13T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598"}, {"name": "FEDORA-2017-10c74147f9", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FPRUP4YVOEBGEROUYWZFEQ64HTMGNED/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488873"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-11462", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf", "refsource": "CONFIRM", "url": "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf"}, {"name": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598", "refsource": "CONFIRM", "url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598"}, {"name": "FEDORA-2017-10c74147f9", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FPRUP4YVOEBGEROUYWZFEQ64HTMGNED/"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1488873", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488873"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-11462", "datePublished": "2017-09-13T16:00:00", "dateReserved": "2017-07-19T00:00:00", "dateUpdated": "2017-09-13T15:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mit:kerberos_5:1.14:*:*:*:*:*:*:*", "matchCriteriaId": "6E30B176-1FE5-4C53-8B79-2E6D87DF05B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.14:alpha1:*:*:*:*:*:*", "matchCriteriaId": "EC81822F-DC8C-4889-AD53-33216B66A109", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.14:beta1:*:*:*:*:*:*", "matchCriteriaId": "C1B23EE0-35EB-46FC-8620-AC0059498D9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.14:beta2:*:*:*:*:*:*", "matchCriteriaId": "70831CB8-695D-45E8-A829-2E888823E8A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "E650B5A3-99CA-491B-A1FB-259EF548D92E", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "091F3C51-980E-482F-9882-0A555A8F74BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.14.3:*:*:*:*:*:*:*", "matchCriteriaId": "A00BDDDC-3D5D-4D63-A8D8-63BF2F4C7329", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.14.4:*:*:*:*:*:*:*", "matchCriteriaId": "42505BC2-12A0-43E9-8561-80270D7CA74D", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.14.5:*:*:*:*:*:*:*", "matchCriteriaId": "AF0496EF-F0F9-4A5D-92F4-E50C5F3DCA12", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.15:*:*:*:*:*:*:*", "matchCriteriaId": "79EEC80F-9E4F-4A6D-BB8D-6AB7764AD8E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "DB427FE4-CC39-43EE-A27B-69C5B18056FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.15.1:beta1:*:*:*:*:*:*", "matchCriteriaId": "14A2F0C0-91E0-4DD9-851E-67CE8A5EAE0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.15.1:beta2:*:*:*:*:*:*", "matchCriteriaId": "C1770120-B3B2-4B5A-9785-162399A47989", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*", "matchCriteriaId": "772E9557-A371-4664-AE2D-4135AAEB89AA", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:*", "matchCriteriaId": "6E4D8269-B407-4C24-AAB0-02F885C7D752", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error."}, {"lang": "es", "value": "Existe una vulnerabilidad de doble liberaci\u00f3n (double free) en MIT Kerberos 5 (tambi\u00e9n conocido como krb5) que permite que atacantes provoquen un impacto no especificado mediante vectores que causen borrados autom\u00e1ticos de contextos de seguridad por error."}], "id": "CVE-2017-11462", "lastModified": "2023-11-07T02:38:15.090", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-09-13T16:29:00.430", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488873"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FPRUP4YVOEBGEROUYWZFEQ64HTMGNED/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-415"}], "source": "nvd@nist.gov", "type": "Primary"}]}