vulnerability

FreeBSD: VID-40A8D798-4615-11E7-8080-A4BADB2F4699: heimdal -- bypass of capath policy

Severity: 9
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:N)
Published: Apr 13, 2017
Added: May 31, 2017
Modified: Feb 19, 2025

Description



Viktor Dukhovni reports:

Commit f469fc6 (2010-10-02) inadvertently caused the previous hop realm to not be added to the transit path of issued tickets. This may, in some cases, enable bypass of capath policy in Heimdal versions 1.5 through 7.2. Note, this may break sites that rely on the bug. With the bug some incomplete [capaths] worked, that should not have. These may now break authentication in some cross-realm configurations. (CVE-2017-6594)
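The effect described in the report, as an added example (a simplified model written for this page, not Heimdal code): when the previous hop realm is left out of the transited list, a capath check that inspects that list has nothing to reject, and a [capaths] table that omits a realm actually in use keeps working until the fix is applied. Realm names, the policy table and all function names are constructed assumptions.

```python
# Simplified model of Kerberos cross-realm transit handling (not Heimdal code).
# Realm names and the policy table are constructed for illustration.

# [capaths]-style policy: client realm -> service realm -> permitted intermediates.
CAPATHS = {"CLIENT.EXAMPLE": {"SERVICE.EXAMPLE": ["HUB.EXAMPLE"]}}


def tgs_issue(tgt, local_realm, record_previous_hop=True):
    """Model a TGS in local_realm issuing a ticket from a cross-realm TGT.

    RFC 4120 has the KDC append the realm that issued the presented TGT (the
    previous hop) to the transited list unless it is the client's own realm.
    record_previous_hop=False models the regression the report describes.
    """
    transited = list(tgt["transited"])
    prev = tgt["issuer"]
    if record_previous_hop and prev != tgt["client_realm"] and prev not in transited:
        transited.append(prev)
    return {"client_realm": tgt["client_realm"], "issuer": local_realm,
            "transited": transited}


def capath_allows(ticket, service_realm, capaths=CAPATHS):
    """Accept only if every transited realm is a permitted intermediate."""
    allowed = capaths.get(ticket["client_realm"], {}).get(service_realm, [])
    return all(realm in allowed for realm in ticket["transited"])


def walk(path, record_previous_hop):
    """Follow client realm -> intermediates -> service realm.

    Returns (final ticket, capath verdict at the service realm).
    """
    client_realm, service_realm = path[0], path[-1]
    ticket = {"client_realm": client_realm, "issuer": client_realm, "transited": []}
    for realm in path[1:]:
        ticket = tgs_issue(ticket, realm, record_previous_hop)
    return ticket, capath_allows(ticket, service_realm)


if __name__ == "__main__":
    listed = ["CLIENT.EXAMPLE", "HUB.EXAMPLE", "SERVICE.EXAMPLE"]
    unlisted = ["CLIENT.EXAMPLE", "OTHER.EXAMPLE", "SERVICE.EXAMPLE"]
    for label, path in (("listed hop", listed), ("unlisted hop", unlisted)):
        for fixed in (True, False):
            ticket, ok = walk(path, record_previous_hop=fixed)
            state = "fixed" if fixed else "regressed"
            print(f"{label:12} {state:9} transited={ticket['transited']} allowed={ok}")
```

After upgrading, a cross-realm path that starts failing this way points to a [capaths] entry that never listed the intermediate realm in use.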




Solution

freebsd-upgrade-package-heimdal
