Vulnerability CVE-2018-5730


Published: 2018-03-06

Description:
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.

Type: CWE-90 (Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection'))

Vendor: Debian
Product: Debian linux 
Version: 8.0;
Vendor: Redhat
Product: Enterprise linux server 
Version: 7.0;
Product: Enterprise linux desktop 
Version: 7.0;
Product: Enterprise linux workstation 
Version: 7.0;
Vendor: MIT
Product: Kerberos 
Version:
5_1.3.3
5_1.2
5_1.1.1
5_1.1
5_1.0.6
5_1.0
5-1.9.4
5-1.9.3
5-1.9.2
5-1.9.1
5-1.9
5-1.8.6
5-1.8.5
5-1.8.4
5-1.8.3
5-1.8.2
5-1.8.1
5-1.8
5-1.7.1
5-1.7
5-1.6.2
5-1.6.1
5-1.6
5-1.17
5-1.15.1
5-1.15
5-1.14.5
5-1.14.4
5-1.14.3
5-1.14.2
5-1.14
5-1.13.6
5-1.13.5
5-1.13.3
5-1.13.2
5-1.13.1
5-1.13
5-1.12.3
5-1.12.2
5-1.12.1
5-1.12
5-1.11.5
5-1.11.4
5-1.11.3
5-1.11.2
5-1.11.1
5-1.11
5-1.10.4
5-1.10.3
5-1.10.2
5-1.10.1
5-1.10
Vendor: Fedoraproject
Product: Fedora 
Version: 27; 26;

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:N)

CVSS Base Score: 5.5/10
Impact Subscore: 4.9/10
Exploitability Subscore: 8/10
Exploit range: Remote
Attack complexity: Low
Authentication: Single time
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: None

References:
http://www.securitytracker.com/id/1042071
https://access.redhat.com/errata/RHBA-2019:0327
https://access.redhat.com/errata/RHSA-2018:3071
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869
https://bugzilla.redhat.com/show_bug.cgi?id=1551082
https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1
https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GK5T6JPMBHBPKS7HNGHYUUF4KKRMNSNU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIFUL3CPM4S5TOXTTOCQ3CUZN6XCXUTR/


Copyright 2019, cxsecurity.com

 
