Arch Linux: Denial of service (CVE-2017-11368)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:N/I:N/A:P) | Aug 9, 2017 | Jul 11, 2025 | Nov 27, 2025 |
Description
A denial of service flaw was found in the MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to exit with an assertion failure by making an invalid S4U2Self or S4U2Proxy request.
Solution
arch-linux-upgrade-latest
References
- CVE-2017-11368
- https://attackerkb.com/topics/CVE-2017-11368
- http://www.securityfocus.com/bid/100291
- https://access.redhat.com/errata/RHSA-2018:0666
- https://github.com/krb5/krb5/commit/ffb35baac6981f9e8914f8f3bffd37f284b85970
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4HNWXM6OQU7G23MG7XWIOBRGP43ECLDT/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBUTXMNZWMVJLQ4NDX5OQFPUVCJRLV3W/
- https://security.archlinux.org/ASA-201710-8
- https://web.mit.edu/kerberos/krb5-1.15/
- CWE-617