Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : heimdal vulnerability (USN-3353-1) (Orpheus' Lyre)
Medium Nessus Plugin ID 101769
SynopsisThe remote Ubuntu host is missing a security-related patch.
DescriptionJeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Heimdal clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network services or perform other attacks.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected libkrb5-26-heimdal package.