ID CVE-2018-5729
Summary MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.
References
Vulnerable Configurations
  • cpe:2.3:a:mit:kerberos_5:16.3:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:27:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
CVSS
Base: 6.5 (as of 26-04-2019 - 13:23)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: SINGLE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:P
redhat via4
advisories
  • rhsa
    id RHBA-2019:0327
  • rhsa
    id RHSA-2018:3071
rpms
  • krb5-devel-0:1.15.1-34.el7
  • krb5-libs-0:1.15.1-34.el7
  • krb5-pkinit-0:1.15.1-34.el7
  • krb5-server-0:1.15.1-34.el7
  • krb5-server-ldap-0:1.15.1-34.el7
  • krb5-workstation-0:1.15.1-34.el7
  • libkadm5-0:1.15.1-34.el7
refmap via4
confirm
fedora
  • FEDORA-2018-391a1f3e61
  • FEDORA-2018-f97cb1c9b0
mlist [debian-lts-announce] 20190125 [SECURITY] [DLA 1643-1] krb5 security update
sectrack 1042071
Last major update 26-04-2019 - 13:23
Published 06-03-2018 - 20:29
Last modified 21-01-2020 - 15:47