Heimdal in versions earlier than 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification.
See CVE-2017-11103 for more details.
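The client-side mistake behind Orpheus' Lyre, modelled as an added Python example (not Heimdal or BoKS code): a KDC reply names the service both in the cleartext Ticket, which the client cannot verify, and in the part encrypted for the client, which it can, and the pre-7.4 code read the former. Encryption is modelled with an HMAC tag only; all names and keys are constructed.

```python
"""Model of the Orpheus' Lyre (CVE-2017-11103) client-side flaw.

A KDC-REP carries the service principal name twice: in the cleartext
Ticket (encrypted for the service, so the client cannot check it) and in
the EncKDCRepPart (encrypted for the client, hence authenticated).  The
client must take the name from the encrypted part.  Constructed model.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass


@dataclass
class Ticket:
    realm: str
    sname: str          # cleartext, not authenticated to the client


@dataclass
class KdcRep:
    ticket: Ticket
    enc_part: bytes     # EncKDCRepPart body (toy: plaintext JSON)
    tag: bytes          # integrity tag standing in for client-key encryption


def seal_enc_part(client_key: bytes, srealm: str, sname: str) -> tuple:
    """Model the KDC producing the client-encrypted part."""
    body = json.dumps({"srealm": srealm, "sname": sname}).encode()
    return body, hmac.new(client_key, body, hashlib.sha256).digest()


def open_enc_part(client_key: bytes, rep: KdcRep) -> dict:
    """Verify and decode the client-encrypted part; raise on tampering."""
    expect = hmac.new(client_key, rep.enc_part, hashlib.sha256).digest()
    if not hmac.compare_digest(expect, rep.tag):
        raise ValueError("EncKDCRepPart integrity check failed")
    return json.loads(rep.enc_part)


def service_name_vulnerable(rep: KdcRep) -> str:
    """Pre-7.4 behaviour: trust the unauthenticated cleartext Ticket."""
    return f"{rep.ticket.sname}@{rep.ticket.realm}"


def service_name_fixed(client_key: bytes, rep: KdcRep) -> str:
    """Fixed behaviour: use only the authenticated EncKDCRepPart."""
    enc = open_enc_part(client_key, rep)
    return f"{enc['sname']}@{enc['srealm']}"


def reply_accepted(client_key: bytes, rep: KdcRep) -> bool:
    """True if the fixed client accepts the reply, False if it rejects it."""
    try:
        service_name_fixed(client_key, rep)
        return True
    except ValueError:
        return False
```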
Resolution / Workaround
To mitigate this issue, apply the hotfix HFBM-0202 (BoKS 7.1), HFBM-0203 (BoKS 7.0), HFBM-0205 (BoKS 6.7) or HFBM-0206 (BoKS 6.6), available for download from the HelpSystems Community Portal.
Please note that HFBM-0206 (for BoKS 6.6) introduces a dependency on the execquote binary without actually including it. To resolve that problem, install either HFBM-0164 or HFBM-0241 together with HFBM-0206.
These hotfixes provide binaries built against a patched Heimdal: version 1.3.3 for BoKS 6.6, and version 1.5.2 for BoKS 6.7, 7.0 and 7.1. In both cases the security fix from Heimdal 7.4 has been backported into that version.