Denial of Service Vulnerability in MIT Kerberos Database by Authenticated kadmin
CVE-2018-5729

4.7MEDIUM

Key Information:

Vendor

Mit

Status
Kerberos 5
Vendor
CVE Published:
6 March 2018

What is CVE-2018-5729?

A vulnerability exists in MIT Kerberos versions 1.6 and later, which enables an authenticated kadmin with the necessary permissions to exploit the LDAP Kerberos database. By supplying specially crafted tagged data, the attacker can induce a denial of service through NULL pointer dereferences or bypass critical DN container checks. This flaw potentially compromises the integrity and availability of the affected Kerberos database, posing significant risks to systems relying on Kerberos authentication.

References

http://www.securitytracker.com/id/1042071
vdb-entryx_refsource_SECTRACK
https://bugzilla.redhat.com/show_bug.cgi?id=1551083
x_refsource_CONFIRM
https://github.com/krb5/krb5/commit/e1caf6fb74981da620398...
x_refsource_CONFIRM

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.