Heimdal KDC ASN1 DER Length Denial of Service
TSL ID: TSL20180109-01
CVE ID(s): CVE-2017-17439
Severity: High
Description

A denial-of-service vulnerability exists in Heimdal, a Kerberos implementation. The vulnerability is due to a NULL pointer dereference in der_length_visible_string().

A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted packet to the target server. Successful exploitation will cause the process to abnormally terminate.

The vendor provides an advisory for this vulnerability:

http://www.h5l.org/releases.html
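The crash pattern named in the description, as an added illustration that is not Heimdal's own code: a sketch of the DER length routine for a VisibleString that dereferences the field pointer unchecked (the vulnerable shape), beside a checked form that reports an absent (NULL) field as an encoding error, together with the DER length-of-length arithmetic the full encoded size needs. The type name and all function names are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for an ASN.1 VisibleString as an ASN.1 compiler
 * emits it: a pointer to a NUL-terminated C string (not Heimdal's header). */
typedef char *heim_visible_string;

/* Vulnerable pattern: strlen() on the field with no check that the decoder
 * left it NULL; a NULL *data is dereferenced and the process dies. */
size_t der_length_visible_string_unchecked(const heim_visible_string *data)
{
    return strlen(*data);
}

/* Hardened form: a NULL field becomes an encoding error (-1) instead of a
 * crash; returns 0 and fills *len on success. */
int der_length_visible_string_checked(const heim_visible_string *data,
                                      size_t *len)
{
    if (data == NULL || *data == NULL)
        return -1;
    *len = strlen(*data);
    return 0;
}

/* Octets used by the DER definite-length field: short form (1 byte) below
 * 128, else 1 + the minimal big-endian byte count of the length. */
size_t der_length_of_length(size_t content_len)
{
    size_t n = 0;
    if (content_len < 128)
        return 1;
    while (content_len != 0) {
        content_len >>= 8;
        n++;
    }
    return 1 + n;
}

/* Full TLV size (tag + length octets + content) of a VisibleString, or -1
 * when the field is NULL so the caller can reject the message cleanly. */
long der_tlv_size_visible_string(const heim_visible_string *data)
{
    size_t content;
    if (der_length_visible_string_checked(data, &content) != 0)
        return -1;
    return (long)(1 + der_length_of_length(content) + content);
}
```

A caller that computes sizes with the checked routine can drop a request whose decoded field is missing instead of terminating the KDC.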

Affected Products
  • h5l.org Heimdal prior to 7.5.0
CVSS Score
Base 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C):
  • Access vector is NETWORK
  • Access complexity is LOW
  • Level of authentication required is NONE
  • Impact of this vulnerability on data confidentiality is NONE
  • Impact of this vulnerability on data integrity is NONE
  • Impact of this vulnerability on data availability is COMPLETE
Temporal 5.8 (E:U/RL:OF/RC:C):
  • The exploitability level of this vulnerability is UNPROVEN
  • The remediation level of this vulnerability is OFFICIAL FIX
  • The report confidence level of this vulnerability is CONFIRMED
References
  • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144
  • https://bugzilla.redhat.com/show_bug.cgi?id=1524547
  • https://github.com/heimdal/heimdal/issues/353
  • http://www.h5l.org/releases.html