#VU17350 Reachable Assertion in Kerberos 5 - CVE-2018-20217

Cybersecurity Help s.r.o.

Published: 2019-02-01

Vulnerability identifier: #VU17350

Vulnerability risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-20217

CWE-ID: CWE-617

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Kerberos 5
Client/Desktop applications / Software for system administration

Vendor: MIT

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion in in the KDC. A remote attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4) and crash the KDC by making an S4U2Self request.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Kerberos 5: 1.14 - 1.16.3

External links
https://krbdev.mit.edu/rt/Ticket/Display.html?id=8763
https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

VMware Tanzu products update for Kerberos

Ubuntu update for krb5

Multiple vulnerabilities in Dell EMC Unity Family

Multiple vulnerabilities in IBM Security Verify Access

Amazon Linux AMI update for krb5

OpenSUSE Linux update for krb5

Reachable Assertion in krb5 (Alpine package)