vulnerability

Ubuntu: (Multiple Advisories) (CVE-2019-12098): Heimdal vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:M/Au:N/C:P/I:P/A:N)	2019-05-15	2022-10-14	2024-11-15

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:N)

Published

2019-05-15

Added

2022-10-14

Modified

2024-11-15

Description

In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.

Solution(s)

ubuntu-pro-upgrade-heimdal-clientsubuntu-pro-upgrade-heimdal-clients-xubuntu-pro-upgrade-heimdal-kcmubuntu-pro-upgrade-heimdal-kdcubuntu-pro-upgrade-heimdal-serversubuntu-pro-upgrade-heimdal-servers-xubuntu-pro-upgrade-libgssapi3-heimdalubuntu-pro-upgrade-libkdc2-heimdalubuntu-pro-upgrade-libkrb5-26-heimdal

References

CVE-2019-12098
https://attackerkb.com/topics/CVE-2019-12098
DEBIAN-DSA-4455
NVD-CVE-2019-12098
UBUNTU-USN-3976-1
UBUNTU-USN-3976-2
UBUNTU-USN-5142-1
UBUNTU-USN-5174-1
UBUNTU-USN-5675-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today