Bug 1469976 (CVE-2017-11103)

Summary: CVE-2017-11103 krb5: Metadata taken from the unauthenticated plaintext
Product: [Other] Security Response Reporter: Andrej Nemec <anemec>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: abokovoy, apintea, bkundal, bmaxwell, cdewolf, chazlett, csutherl, darran.lofthouse, dimitris, dosoudil, dpal, fgavrilo, gzaronik, jawilson, jclere, jmclark, jondruse, jplans, jshepherd, j, ktdreyer, lgao, mbabacek, myarboro, nalin, npmccallum, pgier, pjurak, pkis, ppalaga, psakar, pslavice, rharwood, rnetuka, rstancel, rsvoboda, sisharma, sstavrev, twalsh, vtunka, weli
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-07-12 08:26:31 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1469998    
Bug Blocks: 1469977    

Description Andrej Nemec 2017-07-12 08:02:31 UTC
A vulnerability was found in several independently developed implementations of Kerberos which caused that metadata were taken from the unauthenticated plaintext (the Ticket) rather than the authenticated and encrypted KDC response.

Proposed patch:


Comment 1 Andrej Nemec 2017-07-12 08:04:38 UTC
External References:


Comment 2 Huzaifa S. Sidhpurwala 2017-07-12 08:26:31 UTC

This issue does not affect the version of MIT Kerberos implementation as shipped with Red Hat Enterprise Linux. This issue also does not affect the version of Samba as shipped with Red Hat Enterprise Linux.

Comment 3 Andrej Nemec 2017-07-12 09:01:43 UTC
Created heimdal tracking bugs for this issue:

Affects: fedora-all [bug 1469998]