Closed
Opened Dec 27, 2018 by Alicha CH (@alicha, Reporter)

[3.7] krb5: Ignore password attributes for S4U2Self requests (CVE-2018-20217)

A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.

References:

https://nvd.nist.gov/vuln/detail/CVE-2018-20217
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763

Patch:

https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086

(from redmine: issue id 9804, created on 2018-12-27, closed on 2019-01-09)

  • Relations:
    • parent #9801 (closed)
  • Changesets:
    • Revision 5cfdd452 on 2019-01-07T08:03:07Z:
      main/krb5: upgrade to 1.15.4, security fix for CVE-2018-20217

      Fixes #9804

Milestone: 3.7.2
Reference: alpine/aports#9804