Lucene search

[email protected]CVE-2018-5729

HistoryMar 06, 2018 - 8:29 p.m.

CVE-2018-5729

2018-03-0620:29:00

CWE-476

[email protected]

web.nvd.nist.gov

185

mit krb5

1.6+

authenticated kadmin

ldap

kerberos

database

denial of service

bypass

dn container

internal data

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

4.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

4.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.9%

JSON

MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.

Affected configurations

NVD

Node

mitkerberos_5Range5-1.6–5-1.21.2

Node

fedoraprojectfedoraMatch26

fedoraprojectfedoraMatch27

Node

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

Node

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_workstationMatch7.0

CPENameOperatorVersion
mit:kerberos_5mit kerberos 5lt5-1.21.2

CPE	Name	Operator	Version
mit:kerberos_5	mit kerberos 5	lt	5-1.21.2

References

www.securitytracker.com/id/1042071

access.redhat.com/errata/RHBA-2019:0327

access.redhat.com/errata/RHSA-2018:3071

bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869

bugzilla.redhat.com/show_bug.cgi?id=1551083

github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1

lists.debian.org/debian-lts-announce/2019/01/msg00020.html

lists.debian.org/debian-lts-announce/2021/09/msg00019.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GK5T6JPMBHBPKS7HNGHYUUF4KKRMNSNU/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIFUL3CPM4S5TOXTTOCQ3CUZN6XCXUTR/

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

4.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

4.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.9%

JSON

Related for CVE-2018-5729

debiancve1 veracode1 redhatcve2 prion1 osv3 ubuntucve2 nvd1 cvelist1 suse1 nessus27 ibm6 openvas13 redhat1 archlinux1 amazon2 centos1 altlinux1 fedora2 oraclelinux1 debian2 photon8 mageia1 avleonov1