CVE-2017-17439 - OpenCVE

In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Heimdal Project	Heimdal

Configuration 1 [-]

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:heimdal_project:heimdal:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://h5l.org/advisories.html?show=2017-12-08
http://www.h5l.org/pipermail/heimdal-announce/2017-December/000008.html
http://www.h5l.org/pipermail/heimdal-discuss/2017-August/000259.html
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144
https://github.com/heimdal/heimdal/commit/1a6a6e462dc2ac6111f9e02c6852ddec4849b887
https://github.com/heimdal/heimdal/issues/353
https://www.debian.org/security/2017/dsa-4055

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-12-06T15:00:00

Updated: 2024-08-05T20:51:31.511Z

Reserved: 2017-12-06T00:00:00

Link: CVE-2017-17439

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-12-06T15:29:00.250

Modified: 2017-12-30T02:29:02.217

Link: CVE-2017-17439

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-12-06T00:00:00", "descriptions": [{"lang": "en", "value": "In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-29T23:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/heimdal/heimdal/commit/1a6a6e462dc2ac6111f9e02c6852ddec4849b887"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.h5l.org/pipermail/heimdal-announce/2017-December/000008.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.h5l.org/pipermail/heimdal-discuss/2017-August/000259.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/heimdal/heimdal/issues/353"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://h5l.org/advisories.html?show=2017-12-08"}, {"name": "DSA-4055", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2017/dsa-4055"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-17439", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144", "refsource": "CONFIRM", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144"}, {"name": "https://github.com/heimdal/heimdal/commit/1a6a6e462dc2ac6111f9e02c6852ddec4849b887", "refsource": "CONFIRM", "url": "https://github.com/heimdal/heimdal/commit/1a6a6e462dc2ac6111f9e02c6852ddec4849b887"}, {"name": "http://www.h5l.org/pipermail/heimdal-announce/2017-December/000008.html", "refsource": "CONFIRM", "url": "http://www.h5l.org/pipermail/heimdal-announce/2017-December/000008.html"}, {"name": "http://www.h5l.org/pipermail/heimdal-discuss/2017-August/000259.html", "refsource": "MISC", "url": "http://www.h5l.org/pipermail/heimdal-discuss/2017-August/000259.html"}, {"name": "https://github.com/heimdal/heimdal/issues/353", "refsource": "CONFIRM", "url": "https://github.com/heimdal/heimdal/issues/353"}, {"name": "http://h5l.org/advisories.html?show=2017-12-08", "refsource": "CONFIRM", "url": "http://h5l.org/advisories.html?show=2017-12-08"}, {"name": "DSA-4055", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4055"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T20:51:31.511Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/heimdal/heimdal/commit/1a6a6e462dc2ac6111f9e02c6852ddec4849b887"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.h5l.org/pipermail/heimdal-announce/2017-December/000008.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.h5l.org/pipermail/heimdal-discuss/2017-August/000259.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/heimdal/heimdal/issues/353"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://h5l.org/advisories.html?show=2017-12-08"}, {"name": "DSA-4055", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2017/dsa-4055"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-17439", "datePublished": "2017-12-06T15:00:00", "dateReserved": "2017-12-06T00:00:00", "dateUpdated": "2024-08-05T20:51:31.511Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:heimdal_project:heimdal:*:*:*:*:*:*:*:*", "matchCriteriaId": "6CFD4426-D9E3-4F45-8E0C-EC2DC17F5C00", "versionEndIncluding": "7.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c."}, {"lang": "es", "value": "En Heimdal hasta la versi\u00f3n 7.4 atacantes remotos no autenticados pueden provocar el cierre inesperado del KDC enviando un paquete UDP manipulado que contenga campos de datos vac\u00edos para el nombre del cliente o para el realm. En ese caso, el analizador sint\u00e1ctico desreferenciar\u00e1 punteros NULL incondicionalmente, lo que dar\u00e1 lugar a un fallo de segmentaci\u00f3n. Esto est\u00e1 relacionado con la funci\u00f3n _kdc_as_rep en kdc/kerberos5.c y la funci\u00f3n der_length_visible_string function en lib/asn1/der_length.c."}], "id": "CVE-2017-17439", "lastModified": "2017-12-30T02:29:02.217", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-12-06T15:29:00.250", "references": [{"source": "cve@mitre.org", "url": "http://h5l.org/advisories.html?show=2017-12-08"}, {"source": "cve@mitre.org", "url": "http://www.h5l.org/pipermail/heimdal-announce/2017-December/000008.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.h5l.org/pipermail/heimdal-discuss/2017-August/000259.html"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/heimdal/heimdal/commit/1a6a6e462dc2ac6111f9e02c6852ddec4849b887"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/heimdal/heimdal/issues/353"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2017/dsa-4055"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}