Executive Summary

Title heimdal security update
Name DSA-4455 First vendor Publication 2019-06-03
Vendor Debian Last vendor Modification 2019-06-03
Severity (Vendor) N/A Revision 1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Cvss Base Score 6 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 6.8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores


Several vulnerabilities were discovered in Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos.


Isaac Boukris and Andrew Bartlett discovered that Heimdal was susceptible to man-in-the-middle attacks caused by incomplete checksum validation. Details on the issue can be found in the Samba advisory at https://www.samba.org/samba/security/CVE-2018-16860.html


It was discovered that failure of verification of the PA-PKINIT-KX key exchange client-side could permit to perform man-in-the-middle attack.

For the stable distribution (stretch), these problems have been fixed in version 7.1.0+dfsg-13+deb9u3.

We recommend that you upgrade your heimdal packages.

For the detailed security status of heimdal please refer to its security tracker page at: https://security-tracker.debian.org/tracker/heimdal

Original Source

Url : http://www.debian.org/security/2019/dsa-4455

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-358 Improperly Implemented Security Check for Standard
50 % CWE-320 Key Management Errors

CPE : Common Platform Enumeration

Application 1
Application 367

Alert History

If you want to see full details history, please login or register.
Date Informations
2019-08-15 12:10:18
  • Multiple Updates
2019-06-04 00:18:22
  • First insertion