CVE-2017-6594
Summary
| CVE | CVE-2017-6594 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-08-28 19:29:00 UTC |
| Updated | 2021-08-12 17:50:00 UTC |
| Description | The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets. |
Risk And Classification
Problem Types: CWE-295
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | H5l | Heimdal | All | All | All | All |
| Application | Heimdal Project | Heimdal | All | All | All | All |
| Operating System | Opensuse | Leap | 42.2 | All | All | All |
| Operating System | Opensuse | Leap | 42.3 | All | All | All |
| Operating System | Opensuse Project | Leap | 42.3 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Release Heimdal 7.3 · heimdal/heimdal · GitHub | CONFIRM | github.com | Issue Tracking, Patch, Third Party Advisory |
| openSUSE-SU-2017:2180-1: moderate: Security update for libheimdal | SUSE | lists.opensuse.org | Third Party Advisory |
| Fix transit path validation CVE-2017-6594 · heimdal/heimdal@b1e6991 · GitHub | CONFIRM | github.com | Issue Tracking, Patch, Third Party Advisory |
| Heimdal security advisories | CONFIRM | www.h5l.org | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |