FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

heimdal -- bypass of capath policy

Affected packages
heimdal < 7.1.0_3


VuXML ID 40a8d798-4615-11e7-8080-a4badb2f4699
Discovery 2017-04-13
Entry 2017-05-31

Viktor Dukhovni reports:

Commit f469fc6 (2010-10-02) inadvertently caused the previous hop realm to not be added to the transit path of issued tickets. This may, in some cases, enable bypass of capath policy in Heimdal versions 1.5 through 7.2. Note, this may break sites that rely on the bug. With the bug some incomplete [capaths] worked, that should not have. These may now break authentication in some cross-realm configurations. (CVE-2017-6594)


FreeBSD PR ports/219657
URL CVE-2017-6594