ID CVE-2018-5730
Summary MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.
References
Vulnerable Configurations
  • cpe:2.3:a:mit:kerberos_5:16.3:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:16.3:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:27:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:27:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
CVSS
Base: 5.5 (as of 18-04-2022 - 17:30)
Impact:
Exploitability:
CWE CWE-90
CAPEC
  • LDAP Injection
    An attacker manipulates or crafts an LDAP query for the purpose of undermining the security of the target. Some applications use user input to create LDAP queries that are processed by an LDAP server. For example, a user might provide their username during authentication and the username might be inserted in an LDAP query during the authentication process. An attacker could use this input to inject additional commands into an LDAP query that could disclose sensitive information. For example, entering a * in the aforementioned query might return information about all users on the system. This attack is very similar to an SQL injection attack in that it manipulates a query to gather additional information or coerce a particular return value.
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:N
redhat via4
advisories
  • bugzilla
    id 1599721
    title ipa-server-install fails when FIPS mode is enabled
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment krb5-devel is earlier than 0:1.15.1-34.el7
            oval oval:com.redhat.rhsa:tst:20183071001
          • comment krb5-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20192599002
        • AND
          • comment krb5-libs is earlier than 0:1.15.1-34.el7
            oval oval:com.redhat.rhsa:tst:20183071003
          • comment krb5-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20192599004
        • AND
          • comment krb5-pkinit is earlier than 0:1.15.1-34.el7
            oval oval:com.redhat.rhsa:tst:20183071005
          • comment krb5-pkinit is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20192599006
        • AND
          • comment krb5-server is earlier than 0:1.15.1-34.el7
            oval oval:com.redhat.rhsa:tst:20183071007
          • comment krb5-server is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20192599008
        • AND
          • comment krb5-server-ldap is earlier than 0:1.15.1-34.el7
            oval oval:com.redhat.rhsa:tst:20183071009
          • comment krb5-server-ldap is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20192599010
        • AND
          • comment krb5-workstation is earlier than 0:1.15.1-34.el7
            oval oval:com.redhat.rhsa:tst:20183071011
          • comment krb5-workstation is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20192599012
        • AND
          • comment libkadm5 is earlier than 0:1.15.1-34.el7
            oval oval:com.redhat.rhsa:tst:20183071013
          • comment libkadm5 is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20192599014
    rhsa
    id RHSA-2018:3071
    released 2018-10-30
    severity Low
    title RHSA-2018:3071: krb5 security, bug fix, and enhancement update (Low)
  • rhsa
    id RHBA-2019:0327
rpms
  • krb5-debuginfo-0:1.15.1-34.el7
  • krb5-devel-0:1.15.1-34.el7
  • krb5-libs-0:1.15.1-34.el7
  • krb5-pkinit-0:1.15.1-34.el7
  • krb5-server-0:1.15.1-34.el7
  • krb5-server-ldap-0:1.15.1-34.el7
  • krb5-workstation-0:1.15.1-34.el7
  • libkadm5-0:1.15.1-34.el7
refmap via4
confirm
fedora
  • FEDORA-2018-391a1f3e61
  • FEDORA-2018-f97cb1c9b0
mlist [debian-lts-announce] 20190125 [SECURITY] [DLA 1643-1] krb5 security update
sectrack 1042071
Last major update 18-04-2022 - 17:30
Published 06-03-2018 - 20:29
Last modified 18-04-2022 - 17:30
Back to Top