CVE-2018-5729 - MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Ke

CVE-2018-5729

Summary

MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.

References

Vulnerable Configurations

cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:27:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:27:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

CVSS

Base:	6.5 (as of 23-05-2024 - 17:52)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:S/C:P/I:P/A:P

redhat via4

advisories

rhsa
id RHBA-2019:0327
rhsa
id RHSA-2018:3071

rpms

krb5-debuginfo-0:1.15.1-34.el7
krb5-devel-0:1.15.1-34.el7
krb5-libs-0:1.15.1-34.el7
krb5-pkinit-0:1.15.1-34.el7
krb5-server-0:1.15.1-34.el7
krb5-server-ldap-0:1.15.1-34.el7
krb5-workstation-0:1.15.1-34.el7
libkadm5-0:1.15.1-34.el7

refmap via4

confirm	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869 https://bugzilla.redhat.com/show_bug.cgi?id=1551083 https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1
fedora	FEDORA-2018-391a1f3e61 FEDORA-2018-f97cb1c9b0
mlist	[debian-lts-announce] 20190125 [SECURITY] [DLA 1643-1] krb5 security update
sectrack	1042071

Last major update

23-05-2024 - 17:52

Published

06-03-2018 - 20:29

Last modified

23-05-2024 - 17:52