CVE-2017-6594

Name: CVE-2017-6594
Description: The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| heimdal (PTS) | wheezy | 1.6~git20120403+dfsg1-2 | vulnerable |
| | wheezy (security) | 1.6~git20120403+dfsg1-2+deb7u1 | vulnerable |
| | jessie (security), jessie | 1.6~rc2+dfsg-9+deb8u1 | vulnerable |
| | stretch (security), stretch | 7.1.0+dfsg-13+deb9u1 | fixed |
| | buster, sid | 7.4.0.dfsg.1-2 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| heimdal | source | (unstable) | 7.1.0+dfsg-12 | medium | | |

Notes

[jessie] - heimdal <no-dsa> (Minor issue)
[wheezy] - heimdal <no-dsa> (Minor issue)
https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837
See https://lists.debian.org/debian-lts/2017/05/msg00010.html
