ID CVE-2018-5730
Summary MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.
References
Vulnerable Configurations
  • MIT Kerberos 5 1.6
    cpe:2.3:a:mit:kerberos:5-1.6
  • MIT Kerberos 5 1.6.1
    cpe:2.3:a:mit:kerberos:5-1.6.1
  • MIT Kerberos 5 1.6.2
    cpe:2.3:a:mit:kerberos:5-1.6.2
  • MIT Kerberos 5 1.7
    cpe:2.3:a:mit:kerberos:5-1.7
  • MIT Kerberos 5 1.7.1
    cpe:2.3:a:mit:kerberos:5-1.7.1
  • MIT Kerberos 5 1.8
    cpe:2.3:a:mit:kerberos:5-1.8
  • MIT Kerberos 5 1.8.1
    cpe:2.3:a:mit:kerberos:5-1.8.1
  • MIT Kerberos 5 1.8.2
    cpe:2.3:a:mit:kerberos:5-1.8.2
  • MIT Kerberos 5 1.8.3
    cpe:2.3:a:mit:kerberos:5-1.8.3
  • MIT Kerberos 5 1.8.4
    cpe:2.3:a:mit:kerberos:5-1.8.4
  • MIT Kerberos 5 1.8.5
    cpe:2.3:a:mit:kerberos:5-1.8.5
  • MIT Kerberos 5 1.8.6
    cpe:2.3:a:mit:kerberos:5-1.8.6
  • MIT Kerberos 5 1.9
    cpe:2.3:a:mit:kerberos:5-1.9
  • MIT Kerberos 5 1.9.1
    cpe:2.3:a:mit:kerberos:5-1.9.1
  • MIT Kerberos 5 1.9.2
    cpe:2.3:a:mit:kerberos:5-1.9.2
  • MIT Kerberos 5 1.9.3
    cpe:2.3:a:mit:kerberos:5-1.9.3
  • MIT Kerberos 5 1.9.4
    cpe:2.3:a:mit:kerberos:5-1.9.4
  • MIT Kerberos 5 1.10
    cpe:2.3:a:mit:kerberos:5-1.10
  • MIT Kerberos 5 1.10.1
    cpe:2.3:a:mit:kerberos:5-1.10.1
  • MIT Kerberos 5 1.10.2
    cpe:2.3:a:mit:kerberos:5-1.10.2
  • MIT Kerberos 5 1.10.3
    cpe:2.3:a:mit:kerberos:5-1.10.3
  • MIT Kerberos 5 1.10.4
    cpe:2.3:a:mit:kerberos:5-1.10.4
  • MIT Kerberos 5 1.11
    cpe:2.3:a:mit:kerberos:5-1.11
  • MIT Kerberos 5 1.11.1
    cpe:2.3:a:mit:kerberos:5-1.11.1
  • MIT Kerberos 5 1.11.2
    cpe:2.3:a:mit:kerberos:5-1.11.2
  • MIT Kerberos 5 1.11.3
    cpe:2.3:a:mit:kerberos:5-1.11.3
  • MIT Kerberos 5 1.11.4
    cpe:2.3:a:mit:kerberos:5-1.11.4
  • MIT Kerberos 5 1.11.5
    cpe:2.3:a:mit:kerberos:5-1.11.5
  • MIT Kerberos 5 1.12
    cpe:2.3:a:mit:kerberos:5-1.12
  • MIT Kerberos 5 1.12.1
    cpe:2.3:a:mit:kerberos:5-1.12.1
  • MIT Kerberos 5 1.12.2
    cpe:2.3:a:mit:kerberos:5-1.12.2
  • MIT Kerberos 5 1.12.3
    cpe:2.3:a:mit:kerberos:5-1.12.3
  • MIT Kerberos 5-1.13
    cpe:2.3:a:mit:kerberos:5-1.13
  • MIT Kerberos 5 1.13.1
    cpe:2.3:a:mit:kerberos:5-1.13.1
  • MIT Kerberos 5 1.13.2
    cpe:2.3:a:mit:kerberos:5-1.13.2
  • MIT Kerberos 5 1.13.3
    cpe:2.3:a:mit:kerberos:5-1.13.3
  • MIT Kerberos 5-1.13.5
    cpe:2.3:a:mit:kerberos:5-1.13.5
  • MIT Kerberos 5-1.13.6
    cpe:2.3:a:mit:kerberos:5-1.13.6
  • MIT Kerberos 5-1.14 Alpha 1
    cpe:2.3:a:mit:kerberos:5-1.14:alpha1
  • MIT Kerberos 5-1.14 Beta 1
    cpe:2.3:a:mit:kerberos:5-1.14:beta1
  • MIT Kerberos 5 1.14 Beta2
    cpe:2.3:a:mit:kerberos:5-1.14:beta2
  • MIT Kerberos 5-1.14.2
    cpe:2.3:a:mit:kerberos:5-1.14.2
  • MIT Kerberos 5-1.14.3
    cpe:2.3:a:mit:kerberos:5-1.14.3
  • MIT Kerberos 5-1.14.4
    cpe:2.3:a:mit:kerberos:5-1.14.4
  • MIT Kerberos 5-1.14.5
    cpe:2.3:a:mit:kerberos:5-1.14.5
  • MIT Kerberos 5-1.15
    cpe:2.3:a:mit:kerberos:5-1.15
  • MIT Kerberos 5-1.15.1
    cpe:2.3:a:mit:kerberos:5-1.15.1
  • MIT Kerberos 5-1.15.1 Beta 1
    cpe:2.3:a:mit:kerberos:5-1.15.1:beta1
  • MIT Kerberos 5-1.15.1 Beta 2
    cpe:2.3:a:mit:kerberos:5-1.15.1:beta2
  • MIT Kerberos 5 krb5_1.0
    cpe:2.3:a:mit:kerberos:5_1.0
  • MIT Kerberos 5 1.0.6
    cpe:2.3:a:mit:kerberos:5_1.0.6
  • MIT Kerberos 5 1.1
    cpe:2.3:a:mit:kerberos:5_1.1
  • MIT Kerberos 5 1.1.1
    cpe:2.3:a:mit:kerberos:5_1.1.1
  • MIT Kerberos 5 5.0_1.2 Beta1
    cpe:2.3:a:mit:kerberos:5_1.2:beta1
  • MIT Kerberos 5 5.0_1.2 Beta2
    cpe:2.3:a:mit:kerberos:5_1.2:beta2
  • MIT Kerberos 5 5.0_1.3.3
    cpe:2.3:a:mit:kerberos:5_1.3.3
  • Fedora 26
    cpe:2.3:o:fedoraproject:fedora:26
  • Fedora 27
    cpe:2.3:o:fedoraproject:fedora:27
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • RedHat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • RedHat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • RedHat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
CVSS
Base: 5.5
Impact:
Exploitability:
CWE CWE-90
CAPEC
  • LDAP Injection
    An attacker manipulates or crafts an LDAP query for the purpose of undermining the security of the target. Some applications use user input to create LDAP queries that are processed by an LDAP server. For example, a user might provide their username during authentication and the username might be inserted in an LDAP query during the authentication process. An attacker could use this input to inject additional commands into an LDAP query that could disclose sensitive information. For example, entering a * in the aforementioned query might return information about all users on the system. This attack is very similar to an SQL injection attack in that it manipulates a query to gather additional information or coerce a particular return value.
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-328.NASL
    description This update for krb5 provides the following fixes : Security issues fixed : - CVE-2018-5730: DN container check bypass by supplying special crafted data (bsc#1083927). - CVE-2018-5729: NULL pointer dereference in kadmind or DN container check bypass by supplying special crafted data (bsc#1083926). Non-security issues fixed : - Make it possible for legacy applications (e.g. SAP Netweaver) to remain compatible with newer Kerberos. System administrators who are experiencing this kind of compatibility issues may set the environment variable GSSAPI_ASSUME_MECH_MATCH to a non-empty value, and make sure the environment variable is visible and effective to the application startup script. (bsc#1057662) - Fix a GSS failure in legacy applications by not indicating deprecated GSS mechanisms in gss_indicate_mech() list. (bsc#1081725) This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen 2019-02-21
    modified 2018-09-04
    plugin id 108783
    published 2018-04-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108783
    title openSUSE Security Update : krb5 (openSUSE-2018-328)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-3071.NASL
    description An update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC). Security Fix(es) : * krb5: null dereference in kadmind or DN container check bypass by supplying special crafted data (CVE-2018-5729) * krb5: DN container check bypass by supplying special crafted data (CVE-2018-5730) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 118523
    published 2018-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118523
    title RHEL 7 : krb5 (RHSA-2018:3071)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2019-0175-1.NASL
    description This update for krb5 fixes the following issues : Security issues fixed : CVE-2018-5729, CVE-2018-5730: Fixed multiple flaws in LDAP DN checking (bsc#1083926, bsc#1083927) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-28
    plugin id 121416
    published 2019-01-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121416
    title SUSE SLED15 / SLES15 Security Update : krb5 (SUSE-SU-2019:0175-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-3071.NASL
    description From Red Hat Security Advisory 2018:3071 : An update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC). Security Fix(es) : * krb5: null dereference in kadmind or DN container check bypass by supplying special crafted data (CVE-2018-5729) * krb5: DN container check bypass by supplying special crafted data (CVE-2018-5730) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-07
    plugin id 118768
    published 2018-11-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118768
    title Oracle Linux 7 : krb5 (ELSA-2018-3071)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-1_0-0177.NASL
    description An update of 'krb5' packages of Photon OS has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 112034
    published 2018-08-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112034
    title Photon OS 1.0: Krb5 PHSA-2018-1.0-0177 (deprecated)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-2_0-0087_KRB5.NASL
    description An update of the krb5 package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 121987
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121987
    title Photon OS 2.0: Krb5 PHSA-2018-2.0-0087
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-1_0-0177_KRB5.NASL
    description An update of the krb5 package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 121878
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121878
    title Photon OS 1.0: Krb5 PHSA-2018-1.0-0177
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1398.NASL
    description According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - null dereference in kadmind or DN container check bypass by supplying special crafted data (CVE-2018-5729) - DN container check bypass by supplying special crafted data (CVE-2018-5730) - A stack based buffer overflow was found in the get_matching_data() function, when reading the principal's certificate during pkinit preauthentication. If the Certifcate Authority's subject line is sufficiently long, an attacker able to have a specially crafted certificate signed could crash the authentication process, such as kinit, or, possibly, run arbitrary code.(CVE-2017-15088 ) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-10
    plugin id 119526
    published 2018-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119526
    title EulerOS 2.0 SP3 : krb5 (EulerOS-SA-2018-1398)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-2_0-0087.NASL
    description An update of 'krb5', 'postgresql' packages of Photon OS has been released.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 112220
    published 2018-08-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112220
    title Photon OS 2.0: Krb5 / Postgresql PHSA-2018-2.0-0087 (deprecated)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1643.NASL
    description krb5, a MIT Kerberos implementation, had several flaws in LDAP DN checking, which could be used to circumvent a DN containership check by supplying special parameters to some calls. Further an attacker could crash the KDC by making S4U2Self requests. For Debian 8 'Jessie', these problems have been fixed in version 1.12.1+dfsg-19+deb8u5. We recommend that you upgrade your krb5 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-05
    plugin id 121399
    published 2019-01-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121399
    title Debian DLA-1643-1 : krb5 security update
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0859-1.NASL
    description This update for krb5 fixes several issues. This security issue was fixed : - CVE-2017-11462: Prevent automatic security context deletion to prevent double-free (bsc#1056995). - CVE-2018-5729: NULL pointer dereference in kadmind or DN container check bypass by supplying special crafted data (bsc#1083926). - CVE-2018-5730: DN container check bypass by supplying special crafted data (bsc#1083927). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 108826
    published 2018-04-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108826
    title SUSE SLES11 Security Update : krb5 (SUSE-SU-2018:0859-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-391A1F3E61.NASL
    description Fix CVE-2018-5729, CVE-2018-5730. These are low-impact, requiring administrator access to exploit. ---- Fix leak in previous version. ---- Always read config snippets in alphabetical order per-directory. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-09-05
    plugin id 106908
    published 2018-02-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106908
    title Fedora 27 : krb5 (2018-391a1f3e61)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20181030_KRB5_ON_SL7_X.NASL
    description Security Fix(es) : - krb5: null dereference in kadmind or DN container check bypass by supplying special crafted data (CVE-2018-5729) - krb5: DN container check bypass by supplying special crafted data (CVE-2018-5730)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 119188
    published 2018-11-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119188
    title Scientific Linux Security Update : krb5 on SL7.x x86_64
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2018-1129.NASL
    description MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a 'linkdn' and 'containerdn' database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN. (CVE-2018-5730) MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module. (CVE-2018-5729)
    last seen 2019-02-21
    modified 2019-01-25
    plugin id 121361
    published 2019-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121361
    title Amazon Linux AMI : krb5 (ALAS-2018-1129)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-F97CB1C9B0.NASL
    description Fix CVE-2018-5729, CVE-2018-5730. These are low-impact, requiring administrator access to exploit. ---- Fix leak in previous version. ---- Always read config snippets in alphabetical order per-directory. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-09-06
    plugin id 107108
    published 2018-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107108
    title Fedora 26 : krb5 (2018-f97cb1c9b0)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-3071.NASL
    description An update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC). Security Fix(es) : * krb5: null dereference in kadmind or DN container check bypass by supplying special crafted data (CVE-2018-5729) * krb5: DN container check bypass by supplying special crafted data (CVE-2018-5730) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 118988
    published 2018-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118988
    title CentOS 7 : krb5 (CESA-2018:3071)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0846-1.NASL
    description This update for krb5 provides the following fixes: Security issues fixed : - CVE-2018-5730: DN container check bypass by supplying special crafted data (bsc#1083927). - CVE-2018-5729: NULL pointer dereference in kadmind or DN container check bypass by supplying special crafted data (bsc#1083926). Non-security issues fixed : - Make it possible for legacy applications (e.g. SAP Netweaver) to remain compatible with newer Kerberos. System administrators who are experiencing this kind of compatibility issues may set the environment variable GSSAPI_ASSUME_MECH_MATCH to a non-empty value, and make sure the environment variable is visible and effective to the application startup script. (bsc#1057662) - Fix a GSS failure in legacy applications by not indicating deprecated GSS mechanisms in gss_indicate_mech() list. (bsc#1081725) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 108747
    published 2018-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108747
    title SUSE SLED12 / SLES12 Security Update : krb5 (SUSE-SU-2018:0846-1)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1425.NASL
    description According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - null dereference in kadmind or DN container check bypass by supplying special crafted data (CVE-2018-5729) - DN container check bypass by supplying special crafted data (CVE-2018-5730) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 119914
    published 2018-12-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119914
    title EulerOS 2.0 SP2 : krb5 (EulerOS-SA-2018-1425)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2019-139.NASL
    description This update for krb5 fixes the following issues : Security issues fixed : - CVE-2018-5729, CVE-2018-5730: Fixed multiple flaws in LDAP DN checking (bsc#1083926, bsc#1083927) This update was imported from the SUSE:SLE-15:Update update project.
    last seen 2019-02-21
    modified 2019-02-06
    plugin id 121609
    published 2019-02-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121609
    title openSUSE Security Update : krb5 (openSUSE-2019-139)
  • NASL family Amazon Linux Local Security Checks
    NASL id AL2_ALAS-2018-1129.NASL
    description MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a 'linkdn' and 'containerdn' database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.(CVE-2018-5730) MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.(CVE-2018-5729)
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 119784
    published 2018-12-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119784
    title Amazon Linux 2 : krb5 (ALAS-2018-1129)
redhat via4
advisories
bugzilla
id 1599721
title ipa-server-install fails when FIPS mode is enabled
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhsa:tst:20140675001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhsa:tst:20140675002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20140675003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20140675004
  • OR
    • AND
      • comment krb5-devel is earlier than 0:1.15.1-34.el7
        oval oval:com.redhat.rhsa:tst:20183071011
      • comment krb5-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100863012
    • AND
      • comment krb5-libs is earlier than 0:1.15.1-34.el7
        oval oval:com.redhat.rhsa:tst:20183071005
      • comment krb5-libs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100863016
    • AND
      • comment krb5-pkinit is earlier than 0:1.15.1-34.el7
        oval oval:com.redhat.rhsa:tst:20183071009
      • comment krb5-pkinit is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20150439006
    • AND
      • comment krb5-server is earlier than 0:1.15.1-34.el7
        oval oval:com.redhat.rhsa:tst:20183071007
      • comment krb5-server is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100863010
    • AND
      • comment krb5-server-ldap is earlier than 0:1.15.1-34.el7
        oval oval:com.redhat.rhsa:tst:20183071015
      • comment krb5-server-ldap is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100863006
    • AND
      • comment krb5-workstation is earlier than 0:1.15.1-34.el7
        oval oval:com.redhat.rhsa:tst:20183071017
      • comment krb5-workstation is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100863014
    • AND
      • comment libkadm5 is earlier than 0:1.15.1-34.el7
        oval oval:com.redhat.rhsa:tst:20183071013
      • comment libkadm5 is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20162591008
rhsa
id RHSA-2018:3071
released 2018-10-30
severity Low
title RHSA-2018:3071: krb5 security, bug fix, and enhancement update (Low)
rpms
  • krb5-devel-0:1.15.1-34.el7
  • krb5-libs-0:1.15.1-34.el7
  • krb5-pkinit-0:1.15.1-34.el7
  • krb5-server-0:1.15.1-34.el7
  • krb5-server-ldap-0:1.15.1-34.el7
  • krb5-workstation-0:1.15.1-34.el7
  • libkadm5-0:1.15.1-34.el7
refmap via4
confirm
fedora
  • FEDORA-2018-391a1f3e61
  • FEDORA-2018-f97cb1c9b0
mlist [debian-lts-announce] 20190125 [SECURITY] [DLA 1643-1] krb5 security update
sectrack 1042071
Last major update 06-03-2018 - 15:29
Published 06-03-2018 - 15:29
Last modified 06-03-2019 - 13:03
Back to Top