- ------------------------------------------------------------------------- Debian Security Advisory DSA-3912-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Salvatore Bonaccorso July 16, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : heimdal CVE ID : CVE-2017-11103 Debian Bug : 868208 Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams reported that Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos, trusts metadata taken from the unauthenticated plaintext (Ticket), rather than the authenticated and encrypted KDC response. A man-in-the-middle attacker can use this flaw to impersonate services to the client. See https://orpheus-lyre.info/ for details. For the oldstable distribution (jessie), this problem has been fixed in version 1.6~rc2+dfsg-9+deb8u1. For the stable distribution (stretch), this problem has been fixed in version 7.1.0+dfsg-13+deb9u1. For the unstable distribution (sid), this problem has been fixed in version 7.4.0.dfsg.1-1. We recommend that you upgrade your heimdal packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
Debian: DSA-3912-1: heimdal security update
Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams reported that Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos, trusts metadata taken from the unauthenticated plaintext (Ticket), rather than the authenticated and encrypted KDC response. A
