An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2018-5709 from the MITRE CVE dictionary dictionary and NIST NVD.
This is essentially an integer truncation issue, and not an integer overflow. We have determined that this should not affect any other data allocated close to the 16-bit integer in question "dbentry-> n_key_data". Red Hat Product Security does not consider this issue as a security flaw.
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
| CVSS3 Base Score | 6.3 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity Impact | Low |
| Availability Impact | Low |
| Platform | Package | State |
|---|---|---|
| Red Hat JBoss EWS 2 | krb5 | Not affected |
| Red Hat JBoss EAP 6 | krb5 | Will not fix |
| Red Hat JBoss Core Services 1 | krb5 | Not affected |
| Red Hat Enterprise Linux 7 | krb5 | Will not fix |
| Red Hat Enterprise Linux 6 | krb5 | Will not fix |
| Red Hat Enterprise Linux 5 | krb5 | Will not fix |
Vulmon