CVE-2018-20217
Published: 26 December 2018
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.
From the Ubuntu Security Team
It was discovered that Kerberos incorrectly handled certain S4U2Self requests. An attacker could possibly use this issue to cause a denial of service.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
krb5 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(1.16-2ubuntu0.3)
|
| cosmic |
Ignored
(reached end-of-life)
|
|
| disco |
Ignored
(reached end-of-life)
|
|
| eoan |
Ignored
(reached end-of-life)
|
|
| focal |
Not vulnerable
(1.17-6ubuntu4)
|
|
| groovy |
Not vulnerable
(1.17-10)
|
|
| hirsute |
Not vulnerable
(1.17-10)
|
|
| impish |
Not vulnerable
(1.17-10)
|
|
| jammy |
Not vulnerable
(1.17-10)
|
|
| kinetic |
Not vulnerable
(1.17-10)
|
|
| precise |
Ignored
(end of ESM support, was needs-triage)
|
|
| trusty |
Released
(1.12+dfsg-2ubuntu5.4+esm1)
|
|
| upstream |
Released
(1.17)
|
|
| xenial |
Released
(1.13.2+dfsg-5ubuntu2.2+esm3)
|
|
|
Patches: upstream: https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086 |
||
| Binaries built from this source package are in Universe and so are supported by the community. | ||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.3 |
| Attack vector | Network |
| Attack complexity | High |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |