CVE-2018-5709

Published: 16 January 2018

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

Priority

Negligible

CVSS 3 base score: 7.5

Status

Package Release Status
krb5
Launchpad, Ubuntu, Debian
Upstream Deferred

Ubuntu 21.04 (Hirsute Hippo) Needed

Ubuntu 20.10 (Groovy Gorilla) Needed

Ubuntu 20.04 LTS (Focal Fossa) Needed

Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 ESM (Xenial Xerus) Needed

Ubuntu 14.04 ESM (Trusty Tahr) Needed

Binaries built from this source package are in Universe and so are supported by the community.

Notes

AuthorNote
ebarretto
according to debian security tracker: non-issue, codepath is
only run on trusted input, potential integer overflow is
non-issue

References