openSUSE Security Update : libheimdal (openSUSE-2017-937) (Orpheus' Lyre)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for libheimdal fixes the following issues :

- Fix CVE-2017-11103: Orpheus' Lyre KDC-REP service name
validation. This is a critical vulnerability. In
_krb5_extract_ticket() the KDC-REP service name must be
obtained from encrypted version stored in 'enc_part'
instead of the unencrypted version stored in 'ticket'.
Use of the unecrypted version provides an opportunity
for successful server impersonation and other attacks.
Identified by Jeffrey Altman, Viktor Duchovni and Nico
Williams. See https://www.orpheus-lyre.info/ for more
details. (bsc#1048278)

- Fix CVE-2017-6594: transit path validation inadvertently
caused the previous hop realm to not be added to the
transit path of issued tickets. This may, in some cases,
enable bypass of capath policy in Heimdal versions 1.5
through 7.2. Note, this may break sites that rely on the
bug. With the bug some incomplete [capaths] worked, that
should not have. These may now break authentication in
some cross-realm configurations.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1048278
https://www.orpheus-lyre.info/

Solution :

Update the affected libheimdal packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 102556 ()

Bugtraq ID:

CVE ID: CVE-2017-11103
CVE-2017-6594

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now