Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-5828-1
HistoryJan 25, 2023 - 12:00 a.m.

Kerberos vulnerabilities

2023-01-2500:00:00
ubuntu.com
36

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.0%

JSON

Releases

  • Ubuntu 22.10
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Packages

  • krb5 - MIT Kerberos Network Authentication Protocol

Details

It was discovered that Kerberos incorrectly handled certain S4U2Self
requests. An attacker could possibly use this issue to cause a denial of
service. This issue was only addressed in Ubuntu 16.04 ESM and Ubuntu
18.04 LTS. (CVE-2018-20217)

Greg Hudson discovered that Kerberos PAC implementation incorrectly
handled certain parsing operations. A remote attacker could use this
issue to cause a denial of service, or possibly execute arbitrary code.
(CVE-2022-42898)

Related

nessus 73
osv 8
openvas 52
cloudfoundry 1
prion 2
fedora 8
altlinux 3
suse 2
ubuntucve 2
alpinelinux 2
cve 2
amazon 4
mageia 2
redhatcve 2
debiancve 2
veracode 1
cisa 1
redhat 9
cbl_mariner 4
oraclelinux 4
f5 1
almalinux 2
centos 1
ibm 3
rocky 2
slackware 2
samba 1
cloudlinux 1
debian 2
nessus
nessus
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : Kerberos vulnerabilities (USN-5828-1)
2023-01-25 00:00:00
NewStart CGSL CORE 5.04 / MAIN 5.04 : krb5 Vulnerability (NS-SA-2020-0040)
2020-09-21 00:00:00
EulerOS 2.0 SP3 : krb5 (EulerOS-SA-2019-2600)
2019-12-18 00:00:00
osv
osv
krb5 vulnerabilities
2023-01-25 20:14:24
CVE-2018-20217
2018-12-26 21:29:02
krb5 - security update
2022-11-29 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5828-1)
2023-01-26 00:00:00
Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2019-2600)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2019-2378)
2020-01-23 00:00:00
cloudfoundry
cloudfoundry
USN-5828-1: Kerberos vulnerabilities | Cloud Foundry
2023-02-24 00:00:00
prion
prion
Design/Logic Flaw
2018-12-26 21:29:00
Integer overflow
2022-12-25 06:15:00
fedora
fedora
[SECURITY] Fedora 29 Update: krb5-1.16.1-22.fc29
2018-12-24 06:08:40
[SECURITY] Fedora 29 Update: krb5-1.16.1-24.fc29
2019-01-08 02:43:21
[SECURITY] Fedora 28 Update: krb5-1.16.1-24.fc28
2019-01-11 00:17:04
altlinux
altlinux
Security fix for the ALT Linux 9 package krb5 version 1.16.3-alt1
2019-01-08 00:00:00
Security fix for the ALT Linux 9 package krb5 version 1.17.2-alt4
2022-11-24 00:00:00
Security fix for the ALT Linux 10 package samba version 4.16.7-alt1
2022-11-22 00:00:00
suse
suse
Security update for krb5 (important)
2019-01-25 00:00:00
Security update for krb5 (important)
2019-01-18 00:00:00
ubuntucve
ubuntucve
CVE-2018-20217
2018-12-26 00:00:00
CVE-2022-42898
2022-12-25 00:00:00
alpinelinux
alpinelinux
CVE-2018-20217
2018-12-26 21:29:00
CVE-2022-42898
2022-12-25 06:15:00
cve
cve
CVE-2018-20217
2018-12-26 21:29:00
CVE-2022-42898
2022-12-25 06:15:00
amazon
amazon
Medium: krb5
2020-05-22 20:58:00
Important: krb5
2023-01-18 20:56:00
Important: krb5
2023-01-31 20:44:00
mageia
mageia
Updated krb5 packages fix security vulnerability
2019-01-10 13:53:49
Updated krb5 packages fix security vulnerability
2022-12-17 21:48:08
redhatcve
redhatcve
CVE-2018-20217
2019-01-10 21:50:36
CVE-2022-42898
2022-11-15 19:56:22
debiancve
debiancve
CVE-2018-20217
2018-12-26 21:29:00
CVE-2022-42898
2022-12-25 06:15:00
veracode
veracode
Denial Of Service (DoS)
2022-11-21 15:06:29
cisa
cisa
Samba Releases Security Updates
2022-11-16 00:00:00
redhat
redhat
(RHSA-2022:8637) Important: krb5 security update
2022-11-28 09:18:18
(RHSA-2022:8638) Important: krb5 security update
2022-11-28 09:21:44
(RHSA-2022:9029) Important: Red Hat Virtualization Host security update [ovirt-4.5.3-3]
2022-12-14 14:12:25
cbl_mariner
cbl_mariner
CVE-2022-42898 affecting package samba 4.12.5-6
2024-05-06 09:06:41
CVE-2022-42898 affecting package heimdal 7.7.0-5
2023-01-29 21:01:57
CVE-2022-42898 affecting package krb5 1.18.4-2
2023-01-29 21:01:58
oraclelinux
oraclelinux
krb5 security update
2023-02-09 00:00:00
krb5 security update
2022-11-29 00:00:00
krb5 security update
2022-11-29 00:00:00
f5
f5
SAMBA vulnerability CVE-2022-42898
2022-11-29 22:49:00
almalinux
almalinux
Important: krb5 security update
2022-11-28 00:00:00
Important: krb5 security update
2022-11-28 00:00:00
centos
centos
krb5, libkadm5 security update
2022-11-30 23:03:16
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in MIT krb5 (CVE-2022-42898).
2023-03-31 17:55:17
Security Bulletin: IBM Security Guardium is affected by a denial of service vulnerability in MIT keb5 (CVE-2022-42898)
2023-09-19 19:52:23
Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to denial of service due to [CVE-2022-42898]
2023-01-27 10:11:21
rocky
rocky
krb5 security update
2022-11-28 09:18:18
krb5 security update
2022-11-28 09:21:44
slackware
slackware
[slackware-security] samba
2022-11-17 02:00:41
[slackware-security] krb5
2022-11-17 01:59:39
samba
samba
Samba buffer overflow vulnerabilities on 32-bit
2022-11-15 00:00:00
cloudlinux
cloudlinux
krb5: Fix of CVE-2022-42898
2022-12-12 19:47:31
debian
debian
[SECURITY] [DLA 3213-1] krb5 security update
2022-11-29 15:07:54
[SECURITY] [DSA 5286-1] krb5 security update
2022-11-19 13:31:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.0%

JSON
Related for USN-5828-1
nessus73osv8openvas52cloudfoundry1prion2fedora8altlinux3suse2ubuntucve2alpinelinux2cve2amazon4mageia2redhatcve2debiancve2veracode1cisa1redhat9cbl_mariner4oraclelinux4f51almalinux2centos1ibm3rocky2slackware2samba1cloudlinux1debian2