Denial of Service Vulnerability in MIT Kerberos 5 by MIT
CVE-2018-5710
6.5 MEDIUM
What is CVE-2018-5710?
In MIT Kerberos 5, the 'strlen' function can be called with a NULL pointer as its argument. The flaw is in the Key Distribution Center (KDC), in the ldap_principal2.c file. A remote authenticated user can trigger it with a modified kadmin client, causing a denial of service through a NULL pointer dereference. The result can be system instability and service interruptions for users who rely on Kerberos for authentication.
