2 matches found
Updated krb5 packages fix security vulnerabilities
Updated krb5 packages fix security vulnerabilities: An issue was discovered in MIT Kerberos 5 aka krb5 through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c in the Key Distribution Center KDC, which allows...
CVE-2018-5710
MIT Kerberos 5 (krb5) up to 1.16 is affected by CVE-2018-5710 (along with CVE-2018-5729, CVE-2018-5730). The issue is in KDC’s plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c where a NULL string is passed to strlen, enabling a remote authenticated user to cause a denial of service via a modified k...