Vulnerabilities > CVE-2018-5729 - NULL Pointer Dereference vulnerability in multiple products

047910
CVSS 4.7 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
LOW
network
low complexity
mit
fedoraproject
debian
redhat
CWE-476
nessus

Summary

MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1398.NASL
    descriptionAccording to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - null dereference in kadmind or DN container check bypass by supplying special crafted data (CVE-2018-5729) - DN container check bypass by supplying special crafted data (CVE-2018-5730) - A stack based buffer overflow was found in the get_matching_data() function, when reading the principal
    last seen2020-05-15
    modified2018-12-10
    plugin id119526
    published2018-12-10
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119526
    titleEulerOS 2.0 SP3 : krb5 (EulerOS-SA-2018-1398)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119526);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/13");
    
      script_cve_id(
        "CVE-2017-15088",
        "CVE-2018-5729",
        "CVE-2018-5730"
      );
    
      script_name(english:"EulerOS 2.0 SP3 : krb5 (EulerOS-SA-2018-1398)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the krb5 packages installed, the EulerOS
    installation on the remote host is affected by the following
    vulnerabilities :
    
      - null dereference in kadmind or DN container check
        bypass by supplying special crafted data
        (CVE-2018-5729)
    
      - DN container check bypass by supplying special crafted
        data (CVE-2018-5730)
    
      - A stack based buffer overflow was found in the
        get_matching_data() function, when reading the
        principal's certificate during pkinit
        preauthentication. If the Certifcate Authority's
        subject line is sufficiently long, an attacker able to
        have a specially crafted certificate signed could crash
        the authentication process, such as kinit, or,
        possibly, run arbitrary code.(CVE-2017-15088 )
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1398
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a31ab41c");
      script_set_attribute(attribute:"solution", value:
    "Update the affected krb5 packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/11/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/10");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:krb5-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:krb5-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:krb5-pkinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:krb5-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:krb5-server-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:krb5-workstation");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libkadm5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["krb5-devel-1.15.1-34",
            "krb5-libs-1.15.1-34",
            "krb5-pkinit-1.15.1-34",
            "krb5-server-1.15.1-34",
            "krb5-server-ldap-1.15.1-34",
            "krb5-workstation-1.15.1-34",
            "libkadm5-1.15.1-34"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3071.NASL
    descriptionAn update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC). Security Fix(es) : * krb5: null dereference in kadmind or DN container check bypass by supplying special crafted data (CVE-2018-5729) * krb5: DN container check bypass by supplying special crafted data (CVE-2018-5730) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id118523
    published2018-10-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118523
    titleRHEL 7 : krb5 (RHSA-2018:3071)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2018:3071. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(118523);
      script_version("1.5");
      script_cvs_date("Date: 2019/10/24 15:35:45");
    
      script_cve_id("CVE-2018-5729", "CVE-2018-5730");
      script_xref(name:"RHSA", value:"2018:3071");
    
      script_name(english:"RHEL 7 : krb5 (RHSA-2018:3071)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for krb5 is now available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Low. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link (s) in the References section.
    
    Kerberos is a network authentication system, which can improve the
    security of your network by eliminating the insecure practice of
    sending passwords over the network in unencrypted form. It allows
    clients and servers to authenticate to each other with the help of a
    trusted third party, the Kerberos key distribution center (KDC).
    
    Security Fix(es) :
    
    * krb5: null dereference in kadmind or DN container check bypass by
    supplying special crafted data (CVE-2018-5729)
    
    * krb5: DN container check bypass by supplying special crafted data
    (CVE-2018-5730)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, and other related information, refer to the CVE page(s)
    listed in the References section.
    
    Additional Changes :
    
    For detailed information on changes in this release, see the Red Hat
    Enterprise Linux 7.6 Release Notes linked from the References section."
      );
      # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?3395ff0b"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2018:3071"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-5729"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-5730"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-pkinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-server-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-workstation");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libkadm5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/10/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/31");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2018:3071";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL7", reference:"krb5-debuginfo-1.15.1-34.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"krb5-devel-1.15.1-34.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"krb5-libs-1.15.1-34.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"krb5-pkinit-1.15.1-34.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"krb5-pkinit-1.15.1-34.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"krb5-server-1.15.1-34.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"krb5-server-1.15.1-34.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"krb5-server-ldap-1.15.1-34.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"krb5-server-ldap-1.15.1-34.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"krb5-workstation-1.15.1-34.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"krb5-workstation-1.15.1-34.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"libkadm5-1.15.1-34.el7")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5-debuginfo / krb5-devel / krb5-libs / krb5-pkinit / krb5-server / etc");
      }
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-2_0-0164_NSS.NASL
    descriptionAn update of the nss package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id126182
    published2019-06-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126182
    titlePhoton OS 2.0: Nss PHSA-2019-2.0-0164
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2019-2.0-0164. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(126182);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/09");
    
      script_cve_id("CVE-2018-12404");
      script_bugtraq_id(107260);
    
      script_name(english:"Photon OS 2.0: Nss PHSA-2019-2.0-0164");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the nss package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-164.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-5729");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/06/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/24");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:nss");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-2.0", reference:"nss-3.44-1.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"nss-debuginfo-3.44-1.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"nss-devel-3.44-1.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"nss-libs-3.44-1.ph2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nss");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-3_0-0020_KRB5.NASL
    descriptionAn update of the krb5 package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id126183
    published2019-06-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126183
    titlePhoton OS 3.0: Krb5 PHSA-2019-3.0-0020
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20181030_KRB5_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - krb5: null dereference in kadmind or DN container check bypass by supplying special crafted data (CVE-2018-5729) - krb5: DN container check bypass by supplying special crafted data (CVE-2018-5730)
    last seen2020-03-18
    modified2018-11-27
    plugin id119188
    published2018-11-27
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119188
    titleScientific Linux Security Update : krb5 on SL7.x x86_64 (20181030)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-391A1F3E61.NASL
    descriptionFix CVE-2018-5729, CVE-2018-5730. These are low-impact, requiring administrator access to exploit. ---- Fix leak in previous version. ---- Always read config snippets in alphabetical order per-directory. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-02-21
    plugin id106908
    published2018-02-21
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106908
    titleFedora 27 : krb5 (2018-391a1f3e61)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0846-1.NASL
    descriptionThis update for krb5 provides the following fixes: Security issues fixed : - CVE-2018-5730: DN container check bypass by supplying special crafted data (bsc#1083927). - CVE-2018-5729: NULL pointer dereference in kadmind or DN container check bypass by supplying special crafted data (bsc#1083926). Non-security issues fixed : - Make it possible for legacy applications (e.g. SAP Netweaver) to remain compatible with newer Kerberos. System administrators who are experiencing this kind of compatibility issues may set the environment variable GSSAPI_ASSUME_MECH_MATCH to a non-empty value, and make sure the environment variable is visible and effective to the application startup script. (bsc#1057662) - Fix a GSS failure in legacy applications by not indicating deprecated GSS mechanisms in gss_indicate_mech() list. (bsc#1081725) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id108747
    published2018-03-30
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108747
    titleSUSE SLED12 / SLES12 Security Update : krb5 (SUSE-SU-2018:0846-1)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-2_0-0164_ELFUTILS.NASL
    descriptionAn update of the elfutils package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id126180
    published2019-06-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126180
    titlePhoton OS 2.0: Elfutils PHSA-2019-2.0-0164
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0175-1.NASL
    descriptionThis update for krb5 fixes the following issues : Security issues fixed : CVE-2018-5729, CVE-2018-5730: Fixed multiple flaws in LDAP DN checking (bsc#1083926, bsc#1083927) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-01-28
    plugin id121416
    published2019-01-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121416
    titleSUSE SLED15 / SLES15 Security Update : krb5 (SUSE-SU-2019:0175-1)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2018-1129.NASL
    descriptionMIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a
    last seen2020-03-17
    modified2019-01-25
    plugin id121361
    published2019-01-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121361
    titleAmazon Linux AMI : krb5 (ALAS-2018-1129)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-2_0-0164_BINUTILS.NASL
    descriptionAn update of the binutils package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id126179
    published2019-06-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126179
    titlePhoton OS 2.0: Binutils PHSA-2019-2.0-0164
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-328.NASL
    descriptionThis update for krb5 provides the following fixes : Security issues fixed : - CVE-2018-5730: DN container check bypass by supplying special crafted data (bsc#1083927). - CVE-2018-5729: NULL pointer dereference in kadmind or DN container check bypass by supplying special crafted data (bsc#1083926). Non-security issues fixed : - Make it possible for legacy applications (e.g. SAP Netweaver) to remain compatible with newer Kerberos. System administrators who are experiencing this kind of compatibility issues may set the environment variable GSSAPI_ASSUME_MECH_MATCH to a non-empty value, and make sure the environment variable is visible and effective to the application startup script. (bsc#1057662) - Fix a GSS failure in legacy applications by not indicating deprecated GSS mechanisms in gss_indicate_mech() list. (bsc#1081725) This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen2020-06-05
    modified2018-04-02
    plugin id108783
    published2018-04-02
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108783
    titleopenSUSE Security Update : krb5 (openSUSE-2018-328)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1184.NASL
    descriptionAccording to the versions of the krb5 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.i1/4^CVE-2018-5729i1/4%0 - MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a
    last seen2020-03-19
    modified2019-04-09
    plugin id123870
    published2019-04-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123870
    titleEulerOS Virtualization 2.5.3 : krb5 (EulerOS-SA-2019-1184)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-F97CB1C9B0.NASL
    descriptionFix CVE-2018-5729, CVE-2018-5730. These are low-impact, requiring administrator access to exploit. ---- Fix leak in previous version. ---- Always read config snippets in alphabetical order per-directory. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-03-02
    plugin id107108
    published2018-03-02
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107108
    titleFedora 26 : krb5 (2018-f97cb1c9b0)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2018-1129.NASL
    descriptionMIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a
    last seen2020-03-28
    modified2018-12-20
    plugin id119784
    published2018-12-20
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119784
    titleAmazon Linux 2 : krb5 (ALAS-2018-1129)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1425.NASL
    descriptionAccording to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - null dereference in kadmind or DN container check bypass by supplying special crafted data (CVE-2018-5729) - DN container check bypass by supplying special crafted data (CVE-2018-5730) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2018-12-28
    plugin id119914
    published2018-12-28
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119914
    titleEulerOS 2.0 SP2 : krb5 (EulerOS-SA-2018-1425)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-139.NASL
    descriptionThis update for krb5 fixes the following issues : Security issues fixed : - CVE-2018-5729, CVE-2018-5730: Fixed multiple flaws in LDAP DN checking (bsc#1083926, bsc#1083927) This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-03-18
    modified2019-02-06
    plugin id121609
    published2019-02-06
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121609
    titleopenSUSE Security Update : krb5 (openSUSE-2019-139)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1643.NASL
    descriptionkrb5, a MIT Kerberos implementation, had several flaws in LDAP DN checking, which could be used to circumvent a DN containership check by supplying special parameters to some calls. Further an attacker could crash the KDC by making S4U2Self requests. For Debian 8
    last seen2020-03-17
    modified2019-01-28
    plugin id121399
    published2019-01-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121399
    titleDebian DLA-1643-1 : krb5 security update
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-3071.NASL
    descriptionAn update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC). Security Fix(es) : * krb5: null dereference in kadmind or DN container check bypass by supplying special crafted data (CVE-2018-5729) * krb5: DN container check bypass by supplying special crafted data (CVE-2018-5730) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id118988
    published2018-11-16
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118988
    titleCentOS 7 : krb5 (CESA-2018:3071)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-3_0-0020_NSS.NASL
    descriptionAn update of the nss package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id126184
    published2019-06-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126184
    titlePhoton OS 3.0: Nss PHSA-2019-3.0-0020
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0067_KRB5.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has krb5 packages installed that are affected by multiple vulnerabilities: - MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a linkdn and containerdn database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN. (CVE-2018-5730) - MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module. (CVE-2018-5729) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127266
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127266
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : krb5 Multiple Vulnerabilities (NS-SA-2019-0067)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-1_0-0239_KRB5.NASL
    descriptionAn update of the krb5 package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id126187
    published2019-06-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126187
    titlePhoton OS 1.0: Krb5 PHSA-2019-1.0-0239
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-2_0-0164_KRB5.NASL
    descriptionAn update of the krb5 package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id126181
    published2019-06-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126181
    titlePhoton OS 2.0: Krb5 PHSA-2019-2.0-0164
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-3071.NASL
    descriptionFrom Red Hat Security Advisory 2018:3071 : An update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC). Security Fix(es) : * krb5: null dereference in kadmind or DN container check bypass by supplying special crafted data (CVE-2018-5729) * krb5: DN container check bypass by supplying special crafted data (CVE-2018-5730) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id118768
    published2018-11-07
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118768
    titleOracle Linux 7 : krb5 (ELSA-2018-3071)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0859-1.NASL
    descriptionThis update for krb5 fixes several issues. This security issue was fixed : - CVE-2017-11462: Prevent automatic security context deletion to prevent double-free (bsc#1056995). - CVE-2018-5729: NULL pointer dereference in kadmind or DN container check bypass by supplying special crafted data (bsc#1083926). - CVE-2018-5730: DN container check bypass by supplying special crafted data (bsc#1083927). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id108826
    published2018-04-04
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108826
    titleSUSE SLES11 Security Update : krb5 (SUSE-SU-2018:0859-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1383.NASL
    descriptionAccording to the versions of the krb5 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a
    last seen2020-06-01
    modified2020-06-02
    plugin id124886
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124886
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : krb5 (EulerOS-SA-2019-1383)

Redhat

advisories
  • rhsa
    idRHBA-2019:0327
  • rhsa
    idRHSA-2018:3071
rpms
  • krb5-debuginfo-0:1.15.1-34.el7
  • krb5-devel-0:1.15.1-34.el7
  • krb5-libs-0:1.15.1-34.el7
  • krb5-pkinit-0:1.15.1-34.el7
  • krb5-server-0:1.15.1-34.el7
  • krb5-server-ldap-0:1.15.1-34.el7
  • krb5-workstation-0:1.15.1-34.el7
  • libkadm5-0:1.15.1-34.el7