CVE-2017-6594

Published: 28 August 2017

The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.

Priority

Low

CVSS 3 base score: 7.5

Status

Package: heimdal

Release / Status
Upstream: Released (7.1.0+dfsg-12)
Ubuntu 20.10 (Groovy Gorilla): Not vulnerable (7.4.0.dfsg.1-2)
Ubuntu 20.04 LTS (Focal Fossa): Not vulnerable (7.4.0.dfsg.1-2)
Ubuntu 18.04 LTS (Bionic Beaver): Not vulnerable (7.4.0.dfsg.1-2)
Ubuntu 16.04 LTS (Xenial Xerus): Needed
Ubuntu 14.04 ESM (Trusty Tahr): Needed

Patches:
Upstream: https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837
Binaries built from this source package are in Universe and so are supported by the community.

Notes

Author / Note
ratliff: Upstream: "[the fix] may break sites that rely on the bug."
mdeslaur: heimdal-kdc package is in universe

References