CVE-2018-20217 - OpenCVE

A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:S/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Mit	Kerberos

Configuration 1 [-]

cpe:2.3:a:mit:kerberos:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

References

Link	Resource
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763	Patch Third Party Advisory
https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086	Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2KNHELH4YHNT6H2ESJWX2UIDXLBNGB2O/
https://security.netapp.com/advisory/ntap-20190416-0006/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-12-26T20:00:00

Updated: 2021-09-30T21:06:12

Reserved: 2018-12-19T00:00:00

Link: CVE-2018-20217

JSON object: View

NVD Information

Status : Modified

Published: 2018-12-26T21:29:02.543

Modified: 2023-11-07T02:56:15.177

Link: CVE-2018-20217

JSON object: View

Redhat Information

No data.

CWE

CWE-617

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-12-08T00:00:00", "descriptions": [{"lang": "en", "value": "A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-09-30T21:06:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "FEDORA-2018-7db7ccda4d", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2KNHELH4YHNT6H2ESJWX2UIDXLBNGB2O/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086"}, {"name": "[debian-lts-announce] 20190125 [SECURITY] [DLA 1643-1] krb5 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190416-0006/"}, {"name": "[debian-lts-announce] 20210930 [SECURITY] [DLA 2771-1] krb5 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20217", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "FEDORA-2018-7db7ccda4d", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2KNHELH4YHNT6H2ESJWX2UIDXLBNGB2O/"}, {"name": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763", "refsource": "CONFIRM", "url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763"}, {"name": "https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086", "refsource": "CONFIRM", "url": "https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086"}, {"name": "[debian-lts-announce] 20190125 [SECURITY] [DLA 1643-1] krb5 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html"}, {"name": "https://security.netapp.com/advisory/ntap-20190416-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190416-0006/"}, {"name": "[debian-lts-announce] 20210930 [SECURITY] [DLA 2771-1] krb5 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20217", "datePublished": "2018-12-26T20:00:00", "dateReserved": "2018-12-19T00:00:00", "dateUpdated": "2021-09-30T21:06:12", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mit:kerberos:*:*:*:*:*:*:*:*", "matchCriteriaId": "47D60B1D-E4D9-4FF8-8C98-7ACCF81D3F24", "versionEndExcluding": "5-1.17", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request."}, {"lang": "es", "value": "Se ha descubierto un problema de aserci\u00f3n alcanzable en el KDC en MIT Kerberos 5 (tambi\u00e9n conocido como krb5), en versiones anteriores a la 1.17. Si un atacante puede obtener un ticket krbtgt mediante un tipo de cifrado m\u00e1s antiguo (DES, Triple DES o RC4), este puede provocar el cierre inesperado de KDC realizando una petici\u00f3n S4U2Self."}], "id": "CVE-2018-20217", "lastModified": "2023-11-07T02:56:15.177", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-12-26T21:29:02.543", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2KNHELH4YHNT6H2ESJWX2UIDXLBNGB2O/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190416-0006/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-617"}], "source": "nvd@nist.gov", "type": "Primary"}]}