What is CVE-2018-20217?

CVE-2018-20217 is a vulnerability in MIT Kerberos 5 (krb5) before version 1.17 that allows an attacker with a krbtgt ticket using an older encryption type to crash the KDC by making an S4U2Self request.

How does CVE-2018-20217 affect MIT Kerberos?

CVE-2018-20217 affects MIT Kerberos 5 (krb5) before version 1.17 by causing a crash in the KDC if an attacker can obtain a krbtgt ticket with an older encryption type.

What is the severity of CVE-2018-20217?

CVE-2018-20217 has a severity rating of 5.3 (medium).

How can I fix CVE-2018-20217 in MIT Kerberos?

To fix CVE-2018-20217 in MIT Kerberos, update to version 1.17 or later.

Are there any references for CVE-2018-20217?

Yes, here are some references for CVE-2018-20217: [MIT Kerberos RT Ticket](http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763), [MIT Kerberos Commit](https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086), [Debian LTS Announcement](https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html).

Vulnerability/
CVE-2018-20217

medium

5.3

CWE

617

26/12/2018

5/8/2024

CVE-2018-20217

First published: Wed Dec 26 2018(Updated: )

A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
MIT Kerberos	<5-1.17
Debian Debian Linux	=8.0
Debian Debian Linux	=9.0

Remedy

http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763

Remedy

https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2018-20217?
CVE-2018-20217 is a vulnerability in MIT Kerberos 5 (krb5) before version 1.17 that allows an attacker with a krbtgt ticket using an older encryption type to crash the KDC by making an S4U2Self request.
How does CVE-2018-20217 affect MIT Kerberos?
CVE-2018-20217 affects MIT Kerberos 5 (krb5) before version 1.17 by causing a crash in the KDC if an attacker can obtain a krbtgt ticket with an older encryption type.
What is the severity of CVE-2018-20217?
CVE-2018-20217 has a severity rating of 5.3 (medium).
How can I fix CVE-2018-20217 in MIT Kerberos?
To fix CVE-2018-20217 in MIT Kerberos, update to version 1.17 or later.
Are there any references for CVE-2018-20217?
Yes, here are some references for CVE-2018-20217: [MIT Kerberos RT Ticket](http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763), [MIT Kerberos Commit](https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086), [Debian LTS Announcement](https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html).

collector/nvd-index
agent/type
agent/softwarecombine
agent/remedy
collector/mitre-cve
source/MITRE
agent/references
agent/last-modified-date
agent/author
agent/weakness
agent/severity
agent/tags
agent/description
agent/first-publish-date
agent/event
vendor/mit
canonical/mit kerberos
vendor/debian
canonical/debian debian linux
version/debian debian linux/8.0
version/debian debian linux/9.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.