81 matches found
Null pointer dereference
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service NULL pointer dereference or bypass a DN container check by supplying tagged data that is internal to the database module...
CVE-2018-5729
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service NULL pointer dereference or bypass a DN container check by supplying tagged data that is internal to the database module...
CVE-2018-5730
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN stri...
UBUNTU-CVE-2018-5729
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service NULL pointer dereference or bypass a DN container check by supplying tagged data that is internal to the database module...
CVE-2018-5729
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service NULL pointer dereference or bypass a DN container check by supplying tagged data that is internal to the database module...
CVE-2018-5730
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN stri...
CVE-2018-5729
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service NULL pointer dereference or bypass a DN container check by supplying tagged data that is internal to the database module...
DEBIAN-CVE-2018-5729
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service NULL pointer dereference or bypass a DN container check by supplying tagged data that is internal to the database module...
CVE-2018-5730
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN stri...
CVE-2018-5729
CVE-2018-5729 (and CVE-2018-5730) affects MIT Kerberos 5 (krb5) where an authenticated kadmin user with LDAP-principal-adding rights can cause a NULL pointer dereference or bypass a DN container check by supplying crafted data or DN arguments. The issue stems from insufficient validation in the K...
CVE-2018-5730
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN stri...
CVE-2018-5729
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service NULL pointer dereference or bypass a DN container check by supplying tagged data that is internal to the database module...
CVE-2018-5730
CVE-2018-5730 and CVE-2018-5729 affect MIT krb5 1.6 and later. Upstream and distributor advisories show that an authenticated kadmin user with permission to add principals to an LDAP Kerberos database can bypass the DN container check (CVE-2018-5730) or trigger a null dereference / kadmind bypass...
CVE-2018-5729
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service NULL pointer dereference or bypass a DN container check by supplying tagged data that is internal to the database module...
CVE-2018-5730
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN stri...
CVE-2018-5729
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service NULL pointer dereference or bypass a DN container check by supplying tagged data that is internal to the database module...
Updated krb5 packages fix security vulnerabilities
Updated krb5 packages fix security vulnerabilities: An issue was discovered in MIT Kerberos 5 aka krb5 through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c in the Key Distribution Center KDC, which allows...
CVE-2018-5710
An issue was discovered in MIT Kerberos 5 aka krb5 through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c in the Key Distribution Center KDC, which allows remote authenticated users to cause a denial of servi...
CVE-2018-5710
An issue was discovered in MIT Kerberos 5 aka krb5 through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c in the Key Distribution Center KDC, which allows remote authenticated users to cause a denial of servi...
DEBIAN-CVE-2018-5709
An issue was discovered in MIT Kerberos 5 aka krb5 through 1.16. There is a variable "dbentry-nkeydata" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect...