CVE-2017-6594
First published: Mon Aug 28 2017(Updated: )
The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| heimdal | <=7.2.0 | |
| SUSE Linux | =42.2 | |
| SUSE Linux | =42.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-6594?
CVE-2017-6594 is considered a medium severity vulnerability.
How do I fix CVE-2017-6594?
To fix CVE-2017-6594, upgrade the Heimdal software to version 7.3 or later.
Which software is affected by CVE-2017-6594?
CVE-2017-6594 affects Heimdal prior to version 7.3, as well as specific versions of openSUSE Leap 42.2 and 42.3.
What type of vulnerability is CVE-2017-6594?
CVE-2017-6594 is a vulnerability related to transit path validation in the Heimdal authentication protocols.
Can CVE-2017-6594 be exploited remotely?
Yes, CVE-2017-6594 can potentially be exploited by attackers remotely if the conditions are met.
- agent/type
- agent/references
- agent/remedy
- agent/last-modified-date
- agent/first-publish-date
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/heimdal project
- canonical/heimdal
- version/heimdal/7.2.0
- vendor/opensuse
- canonical/suse linux
- version/suse linux/42.2
- version/suse linux/42.3