Heimdal in versions earlier than 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification.

See CVE-2017-11103 for more details.

Resolution / Workaround

To mitigate this issue, apply the hotfix HFBM-0202 (BoKS 7.1), HFBM-0203 (BoKS 7.0), HFBM-0205 (BoKS 6.7) or HFBM-0206 (BoKS 6.6), available for download from the HelpSystems Community Portal.

Please note that HFBM-0206 (for BoKS 6.6) introduces a dependency on the execquote binary without actually including it. To mitigate that problem, please install either HFBM-0164 or HFBM-0241 in conjunction with HFBM-0206.

These hotfixes provide binaries built against a patched Heimdal (version 1.3.3 for BoKS 6.6; version 1.5.2 for BoKS 6.7, 7.0 and 7.1) that contains the security fix from Heimdal 7.4.

Last Modified On: May 25, 2018