{"id":"CVE-2017-11368","details":"In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.","modified":"2026-04-11T04:47:19.217240Z","published":"2017-08-09T18:29:01.450Z","related":["MGASA-2017-0256","openSUSE-SU-2024:10899-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4HNWXM6OQU7G23MG7XWIOBRGP43ECLDT/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBUTXMNZWMVJLQ4NDX5OQFPUVCJRLV3W/"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/100291"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:0666"},{"type":"FIX","url":"https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/krb5/krb5","events":[{"introduced":"0"},{"last_affected":"f70e5ec1adf2f54da8be987c5af0b29fa82ddfc6"},{"introduced":"0"},{"last_affected":"181076092eda2125017838dad9084b38bb00e8c1"},{"introduced":"0"},{"last_affected":"83758c28e976230ce11df1db51ccee7166b89110"},{"introduced":"0"},{"last_affected":"1a9bff0e359a3642d047108d205365b2c799954e"},{"introduced":"0"},{"last_affected":"bf40ae5edb0845847d7897cedc3656301c8423bb"},{"introduced":"0"},{"last_affected":"9dc62c313469d13e956f7f9d1d5431e225cd5ff1"},{"introduced":"0"},{"last_affected":"549da09a42c313b6c99e011a79fa5eed2eda0169"},{"introduced":"0"},{"last_affected":"9524d8b0cca2b05c71402eb6335629dd3cf2de4c"},{"introduced":"0"},{"last_affected":"13c770a0a3a63afda724495623286b04b0da7b12"},{"introduced":"0"},{"last_affected":"0bd2c55c2f1a069079f72bcfb0e9b2f85c26809a"},{"introduced":"0"},{"last_affected":"ab5072dfe34986cd26bcbf4b780f5ca1e02aa0a3"},{"introduced":"0"},{"last_affected":"e3156212f7dd3ecf8cded42fe0ed4552d3c4f355"},{"introduced":"0"},{"last_affected":"0611f76795294dc24b2706fbb69fd4f2613b416b"},{"introduced":"0"},{"last_affected":"4480b5ec7aa6c838706724a071a22f98b066990b"},{"introduced":"0"},{"last_affected":"dcd12370323aeb27acbb7a0498cd61df71bd70d7"},{"introduced":"0"},{"last_affected":"cd4f6bfa01ba58232a6afab7e4cb4346cb2c7734"},{"introduced":"0"},{"last_affected":"877bdca7a323b0bc33c3c1b21f99a7655f7a7a2c"},{"introduced":"0"},{"last_affected":"3e6139176d8f3dfc92a19a938b87adc1d49e216b"},{"introduced":"0"},{"last_affected":"625d2314ba391ee787d4783ba2ec0d34473b373e"},{"introduced":"0"},{"last_affected":"af092d6b82733459f0071d22da6926859c25ab8f"},{"introduced":"0"},{"last_affected":"da9dc1bbc92884e1c7f817928176d9043f0ada34"},{"introduced":"0"},{"last_affected":"cdddd9ccb3b4ab14bd5f25429a880564222b629a"},{"introduced":"0"},{"last_affected":"c538c54695ff40952873d6723066c3aa55893f27"},{"introduced":"0"},{"last_affected":"42f69d022e61dd267a57fadfc5c50cdfd57090ac"},{"introduced":"0"},{"last_affected":"7a65ad671634093af6df120d93056d6e40e026ad"},{"introduced":"0"},{"last_affected":"d53075c8d470db496ab4a2825a80914980a84a61"},{"introduced":"0"},{"last_affected":"7df6bce331e6669d1825061c76dba5c3dad86733"},{"introduced":"0"},{"last_affected":"64fca7954952bc0d177bb14de4b363b1041db1d7"},{"introduced":"0"},{"last_affected":"a956edbc87735c8c8f6df2dbddd1c0f75020e2a5"},{"introduced":"0"},{"last_affected":"3165ae71ba685ff0f105383a2c2a27a76e8efac4"},{"introduced":"0"},{"last_affected":"2f5d3144379e251cb13797b92d47153e1ab51181"},{"introduced":"0"},{"last_affected":"7e4e051e3d2ebc06161475a42ded72c944308539"},{"introduced":"0"},{"last_affected":"233f46816c44bfa974d1d1092426ed7f8616991d"},{"introduced":"0"},{"last_affected":"1f78e158286d7cfce58fcf8dd482d81adfa3259c"},{"introduced":"0"},{"last_affected":"68237c615782cc5fd0bc372e1fa24426399ab520"},{"introduced":"0"},{"last_affected":"48401c2c17364ebd90d3422d01a159ca16ea9548"},{"introduced":"0"},{"last_affected":"4b6ba67f51b8723f53bcf7a532fedfda66f4bdbb"},{"introduced":"0"},{"last_affected":"f5ab3b3b18b7373ddfbcc2c2bd9cbe2b333f0203"},{"introduced":"0"},{"last_affected":"102087ab0ce9f8661be09f905ca546c4d471bac5"},{"introduced":"0"},{"last_affected":"feb36cf045c4ecb5b3f0da04a86a85f2fdbf71a5"},{"introduced":"0"},{"last_affected":"68a03305111126a183dbd3779497ed9e00be6e0a"},{"introduced":"0"},{"last_affected":"3a3e096c07eefcb889f6c330f271a322e29c246a"},{"introduced":"0"},{"last_affected":"da9c3ecfae66d2d61c9f22f3d4d2a4d643cfd9c8"},{"introduced":"0"},{"last_affected":"747204921f955bf8239f86c7f5490ff5af426836"},{"introduced":"0"},{"last_affected":"3051931836c20208100b8f9d938145c6c5c702e8"},{"introduced":"0"},{"last_affected":"b9ad6c49505c96a088326b62a52568e3484f2168"},{"fixed":"ffb35baac6981f9e8914f8f3bffd37f284b85970"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.7"},{"introduced":"0"},{"last_affected":"1.7.1"},{"introduced":"0"},{"last_affected":"1.8"},{"introduced":"0"},{"last_affected":"1.8.1"},{"introduced":"0"},{"last_affected":"1.8.2"},{"introduced":"0"},{"last_affected":"1.8.3"},{"introduced":"0"},{"last_affected":"1.8.4"},{"introduced":"0"},{"last_affected":"1.8.5"},{"introduced":"0"},{"last_affected":"1.8.6"},{"introduced":"0"},{"last_affected":"1.9"},{"introduced":"0"},{"last_affected":"1.9.1"},{"introduced":"0"},{"last_affected":"1.9.2"},{"introduced":"0"},{"last_affected":"1.9.3"},{"introduced":"0"},{"last_affected":"1.9.4"},{"introduced":"0"},{"last_affected":"1.10"},{"introduced":"0"},{"last_affected":"1.10.1"},{"introduced":"0"},{"last_affected":"1.10.2"},{"introduced":"0"},{"last_affected":"1.10.3"},{"introduced":"0"},{"last_affected":"1.10.4"},{"introduced":"0"},{"last_affected":"1.11"},{"introduced":"0"},{"last_affected":"1.11.1"},{"introduced":"0"},{"last_affected":"1.11.2"},{"introduced":"0"},{"last_affected":"1.11.3"},{"introduced":"0"},{"last_affected":"1.11.4"},{"introduced":"0"},{"last_affected":"1.11.5"},{"introduced":"0"},{"last_affected":"1.12"},{"introduced":"0"},{"last_affected":"1.12.1"},{"introduced":"0"},{"last_affected":"1.12.2"},{"introduced":"0"},{"last_affected":"1.12.3"},{"introduced":"0"},{"last_affected":"1.13"},{"introduced":"0"},{"last_affected":"1.13.1"},{"introduced":"0"},{"last_affected":"1.13.2"},{"introduced":"0"},{"last_affected":"1.13.3"},{"introduced":"0"},{"last_affected":"1.13.5"},{"introduced":"0"},{"last_affected":"1.13.6"},{"introduced":"0"},{"last_affected":"1.14"},{"introduced":"0"},{"last_affected":"1.14-alpha1"},{"introduced":"0"},{"last_affected":"1.14-beta1"},{"introduced":"0"},{"last_affected":"1.14-beta2"},{"introduced":"0"},{"last_affected":"1.14.1"},{"introduced":"0"},{"last_affected":"1.14.2"},{"introduced":"0"},{"last_affected":"1.14.3"},{"introduced":"0"},{"last_affected":"1.14.4"},{"introduced":"0"},{"last_affected":"1.14.5"},{"introduced":"0"},{"last_affected":"1.15"},{"introduced":"0"},{"last_affected":"1.15.1"}]}}],"versions":["kfw-4.0-final","kfw-4.0.1-beta1","kfw-4.0.1-final","kfw-4.1-beta1","kfw-4.1-beta2","kfw-4.1-beta3","kfw-4.1-beta3-mit","krb5-1.10-final","krb5-1.10.1-final","krb5-1.10.2-final","krb5-1.10.3-final","krb5-1.10.4-final","krb5-1.11-alpha1","krb5-1.11-beta1","krb5-1.11-beta2","krb5-1.11-final","krb5-1.11.1-final","krb5-1.11.2-final","krb5-1.11.3-final","krb5-1.11.4-final","krb5-1.11.5-final","krb5-1.12-alpha1","krb5-1.12-beta1","krb5-1.12-beta2","krb5-1.12-final","krb5-1.12.1-final","krb5-1.12.2-final","krb5-1.12.3-final","krb5-1.13-alpha1","krb5-1.13-beta1","krb5-1.13-final","krb5-1.13.1-final","krb5-1.13.2-final","krb5-1.13.3-final","krb5-1.13.4-final","krb5-1.13.5-final","krb5-1.13.6-final","krb5-1.14-alpha1","krb5-1.14-beta1","krb5-1.14-beta2","krb5-1.14-final","krb5-1.14.1-final","krb5-1.14.2-final","krb5-1.14.3-final","krb5-1.14.4-final","krb5-1.14.5-final","krb5-1.15-beta1","krb5-1.15-beta2","krb5-1.15-final","krb5-1.15.1-final","krb5-1.7-final","krb5-1.7.1-final","krb5-1.8-final","krb5-1.8.1-final","krb5-1.8.2-final","krb5-1.8.3-final","krb5-1.8.4-final","krb5-1.8.5-final","krb5-1.8.6-final","krb5-1.9-final","krb5-1.9.1-final","krb5-1.9.2-final","krb5-1.9.3-final","krb5-1.9.4-final"],"database_specific":{"vanir_signatures_modified":"2026-04-11T04:47:19Z","vanir_signatures":[{"signature_type":"Function","signature_version":"v1","digest":{"function_hash":"330028959243753203609613709933773874074","length":653},"target":{"file":"src/kdc/kdc_util.c","function":"kdc_process_s4u2proxy_req"},"deprecated":false,"id":"CVE-2017-11368-16ce6abc","source":"https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970"},{"signature_type":"Function","signature_version":"v1","digest":{"function_hash":"83240240999769545177314307306634696539","length":15624},"target":{"file":"src/kdc/do_tgs_req.c","function":"process_tgs_req"},"deprecated":false,"id":"CVE-2017-11368-5bf800eb","source":"https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970"},{"signature_type":"Function","signature_version":"v1","digest":{"function_hash":"156221043922931185817485653085623573900","length":673},"target":{"file":"src/kdc/kdc_util.c","function":"kdc_process_for_user"},"deprecated":false,"id":"CVE-2017-11368-755de4b8","source":"https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970"},{"signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["283975676019297401139999035662419444645","282672820768443496025395926450658577906","47215875968588905788377893875480578522","91415356043600347659629545620442554514","99052052106133597793956133896851414116","184992862356724350174483412619012981443","180808050400054218726783860965016757985","298778936289824725957268107039822507847","73155155861381541010112379124029782245","99432362990357885032626879684404162822","218227452749620134082433343964277257909","114506724569938914743330379561712543200","37246406000188172841916433720272670724","78014914416155917900049677080906534854","272232022684417892734841124247077554087","298769036358435233077422396747719161328","129707705023951043827643630971048549541","70541791018619243244654308933730348437"]},"target":{"file":"src/kdc/kdc_util.c"},"deprecated":false,"id":"CVE-2017-11368-a6179004","source":"https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970"},{"signature_type":"Function","signature_version":"v1","digest":{"function_hash":"74531147696732265420744333821386430488","length":771},"target":{"file":"src/kdc/kdc_util.c","function":"kdc_process_s4u_x509_user"},"deprecated":false,"id":"CVE-2017-11368-ae10ded1","source":"https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970"},{"signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["325367889476803086856633468511928700848","68989466184981042379603439399162329417","173256510690270124507023254971734967536","115082524213724777578031700444571321986"]},"target":{"file":"src/kdc/do_tgs_req.c"},"deprecated":false,"id":"CVE-2017-11368-ca597638","source":"https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970"},{"signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["311703179622825782984481815100440141886","256372248361650419130344277581095724040","89102105830819084952166022460426190619","108192380190004863950675277511866253291","44123480385076308243782818462219067811"]},"target":{"file":"src/kdc/do_as_req.c"},"deprecated":false,"id":"CVE-2017-11368-ea438f50","source":"https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970"},{"signature_type":"Function","signature_version":"v1","digest":{"function_hash":"176621686112374436775066263314571356236","length":7164},"target":{"file":"src/kdc/do_as_req.c","function":"finish_process_as_req"},"deprecated":false,"id":"CVE-2017-11368-fcaca95d","source":"https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970"}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"25"}]},{"events":[{"introduced":"0"},{"last_affected":"26"}]},{"events":[{"introduced":"0"},{"last_affected":"5-1.13.7"}]},{"events":[{"introduced":"0"},{"last_affected":"1.15.1-beta1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.15.1-beta2"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-11368.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}