Published: 06/03/2018 Updated: 07/11/2023

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 4.7 | Impact Score: 3.4 | Exploitability Score: 1.2

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mit kerberos 5
fedoraproject fedora 26
fedoraproject fedora 27
debian debian linux 8.0
debian debian linux 9.0
redhat enterprise linux desktop 7.0
redhat enterprise linux workstation 7.0
redhat enterprise linux server 7.0

Synopsis Low: krb5 security, bug fix, and enhancement update Type/Severity Security Advisory: Low Topic An update for krb5 is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring System (CVSS) base scor ...

Debian Bug report logs - #889685 krb5: CVE-2018-5710 Package: src:krb5; Maintainer for src:krb5 is Sam Hartman <hartmans@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 5 Feb 2018 20:51:05 UTC Severity: important Tags: patch, security, upstream Merged with 891869 Found in versions krb5 ...

Debian Bug report logs - #891869 krb5: CVE-2018-5729 CVE-2018-5730 Package: src:krb5; Maintainer for src:krb5 is Sam Hartman <hartmans@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 1 Mar 2018 21:00:02 UTC Severity: important Tags: patch, security, upstream Merged with 889685 Found in ...

MIT krb5 16 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN ...

MIT krb5 16 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module ...

A flaw was found in MIT krb5 16 or later, an authenticated kadmin user with permission to add principals to an LDAP Kerberos database can cause a null dereference in kadmind, or circumvent a DN container check, by supplying tagged data intended to be internal to the database module ...

CWE-476 https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1 https://bugzilla.redhat.com/show_bug.cgi?id=1551083 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869 https://access.redhat.com/errata/RHSA-2018:3071 http://www.securitytracker.com/id/1042071 https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html https://access.redhat.com/errata/RHBA-2019:0327 https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIFUL3CPM4S5TOXTTOCQ3CUZN6XCXUTR/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GK5T6JPMBHBPKS7HNGHYUUF4KKRMNSNU/https://access.redhat.com/errata/RHSA-2018:3071 https://nvd.nist.gov https://alas.aws.amazon.com/AL2/ALAS-2018-1129.html

CVE-2018-5729

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect