CVE-2018-5730 - LDAP Injection vulnerability in multiple products
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: HIGH
- Confidentiality impact: LOW
- Integrity impact: LOW
- Availability impact: NONE

Summary
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
OS | | 2 |
OS | | 2 |
OS | | 3 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- LDAP Injection: An attacker manipulates or crafts an LDAP query for the purpose of undermining the security of the target. Some applications use user input to create LDAP queries that are processed by an LDAP server. For example, a user might provide their username during authentication and the username might be inserted in an LDAP query during the authentication process. An attacker could use this input to inject additional commands into an LDAP query that could disclose sensitive information. For example, entering a * in the aforementioned query might return information about all users on the system. This attack is very similar to an SQL injection attack in that it manipulates a query to gather additional information or coerce a particular return value.
Nessus
- NASL family: Huawei Local Security Checks
- NASL id: EULEROS_SA-2018-1398.NASL
- description: According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - null dereference in kadmind or DN container check bypass by supplying special crafted data (CVE-2018-5729) - DN container check bypass by supplying special crafted data (CVE-2018-5730) - A stack based buffer overflow was found in the get_matching_data() function, when reading the principal
- last seen: 2020-05-15
- modified: 2018-12-10
- plugin id: 119526
- published: 2018-12-10
- reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/119526
- title: EulerOS 2.0 SP3 : krb5 (EulerOS-SA-2018-1398)
- code:

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(119526);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/13");

  script_cve_id(
    "CVE-2017-15088",
    "CVE-2018-5729",
    "CVE-2018-5730"
  );

  script_name(english:"EulerOS 2.0 SP3 : krb5 (EulerOS-SA-2018-1398)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
 - null dereference in kadmind or DN container check bypass by supplying special crafted data (CVE-2018-5729)
 - DN container check bypass by supplying special crafted data (CVE-2018-5730)
 - A stack based buffer overflow was found in the get_matching_data() function, when reading the principal's certificate during pkinit preauthentication. If the Certifcate Authority's subject line is sufficiently long, an attacker able to have a specially crafted certificate signed could crash the authentication process, such as kinit, or, possibly, run arbitrary code.(CVE-2017-15088 )
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1398
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a31ab41c");
  script_set_attribute(attribute:"solution", value:
"Update the affected krb5 packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/11/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:krb5-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:krb5-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:krb5-pkinit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:krb5-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:krb5-server-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:krb5-workstation");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libkadm5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["krb5-devel-1.15.1-34",
        "krb5-libs-1.15.1-34",
        "krb5-pkinit-1.15.1-34",
        "krb5-server-1.15.1-34",
        "krb5-server-ldap-1.15.1-34",
        "krb5-workstation-1.15.1-34",
        "libkadm5-1.15.1-34"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5");
}
```

- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2018-3071.NASL
- description: An update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC). Security Fix(es) : * krb5: null dereference in kadmind or DN container check bypass by supplying special crafted data (CVE-2018-5729) * krb5: DN container check bypass by supplying special crafted data (CVE-2018-5730) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 118523
- published: 2018-10-31
- reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/118523
- title: RHEL 7 : krb5 (RHSA-2018:3071)
- code:

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2018:3071. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(118523);
  script_version("1.5");
  script_cvs_date("Date: 2019/10/24 15:35:45");

  script_cve_id("CVE-2018-5729", "CVE-2018-5730");
  script_xref(name:"RHSA", value:"2018:3071");

  script_name(english:"RHEL 7 : krb5 (RHSA-2018:3071)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An update for krb5 is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section.

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).

Security Fix(es) :

* krb5: null dereference in kadmind or DN container check bypass by supplying special crafted data (CVE-2018-5729)

* krb5: DN container check bypass by supplying special crafted data (CVE-2018-5730)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes :

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section."
  );
  # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?3395ff0b"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2018:3071"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2018-5729"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2018-5730"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-pkinit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-server-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:krb5-workstation");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libkadm5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/10/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/31");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2018:3071";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL7", reference:"krb5-debuginfo-1.15.1-34.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"krb5-devel-1.15.1-34.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"krb5-libs-1.15.1-34.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"krb5-pkinit-1.15.1-34.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"krb5-pkinit-1.15.1-34.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"krb5-server-1.15.1-34.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"krb5-server-1.15.1-34.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"krb5-server-ldap-1.15.1-34.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"krb5-server-ldap-1.15.1-34.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"krb5-workstation-1.15.1-34.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"krb5-workstation-1.15.1-34.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"libkadm5-1.15.1-34.el7")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5-debuginfo / krb5-devel / krb5-libs / krb5-pkinit / krb5-server / etc");
  }
}
```

- NASL family: PhotonOS Local Security Checks
- NASL id: PHOTONOS_PHSA-2018-2_0-0087_KRB5.NASL
- description: An update of the krb5 package has been released.
- last seen: 2020-03-17
- modified: 2019-02-07
- plugin id: 121987
- published: 2019-02-07
- reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/121987
- title: Photon OS 2.0: Krb5 PHSA-2018-2.0-0087
- code:

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from VMware Security Advisory PHSA-2018-2.0-0087. The text
# itself is copyright (C) VMware, Inc.

include('compat.inc');

if (description)
{
  script_id(121987);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2019/02/07");

  script_cve_id("CVE-2018-5730");

  script_name(english:"Photon OS 2.0: Krb5 PHSA-2018-2.0-0087");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote PhotonOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"An update of the krb5 package has been released.");
  script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-87.md");
  script_set_attribute(attribute:"solution", value:
"Update the affected Linux packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-10915");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/08/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:krb5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"PhotonOS Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/PhotonOS/release");
if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0");

if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);

flag = 0;

if (rpm_check(release:"PhotonOS-2.0", reference:"krb5-1.16-2.ph2")) flag++;
if (rpm_check(release:"PhotonOS-2.0", reference:"krb5-debuginfo-1.16-2.ph2")) flag++;
if (rpm_check(release:"PhotonOS-2.0", reference:"krb5-devel-1.16-2.ph2")) flag++;
if (rpm_check(release:"PhotonOS-2.0", reference:"krb5-lang-1.16-2.ph2")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5");
}
```

- NASL family: Scientific Linux Local Security Checks
- NASL id: SL_20181030_KRB5_ON_SL7_X.NASL
- description: Security Fix(es) : - krb5: null dereference in kadmind or DN container check bypass by supplying special crafted data (CVE-2018-5729) - krb5: DN container check bypass by supplying special crafted data (CVE-2018-5730)
- last seen: 2020-03-18
- modified: 2018-11-27
- plugin id: 119188
- published: 2018-11-27
- reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/119188
- title: Scientific Linux Security Update : krb5 on SL7.x x86_64 (20181030)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2018-391A1F3E61.NASL
- description: Fix CVE-2018-5729, CVE-2018-5730. These are low-impact, requiring administrator access to exploit. ---- Fix leak in previous version. ---- Always read config snippets in alphabetical order per-directory. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-05
- modified: 2018-02-21
- plugin id: 106908
- published: 2018-02-21
- reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/106908
- title: Fedora 27 : krb5 (2018-391a1f3e61)

- NASL family: PhotonOS Local Security Checks
- NASL id: PHOTONOS_PHSA-2018-1_0-0177.NASL
- description: An update of 'krb5' packages of Photon OS has been released.
- last seen: 2019-02-08
- modified: 2019-02-07
- plugin id: 112034
- published: 2018-08-21
- reporter: Tenable
- source: https://www.tenable.com/plugins/index.php?view=single&id=112034
- title: Photon OS 1.0: Krb5 PHSA-2018-1.0-0177 (deprecated)

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_SU-2018-0846-1.NASL
- description: This update for krb5 provides the following fixes: Security issues fixed : - CVE-2018-5730: DN container check bypass by supplying special crafted data (bsc#1083927). - CVE-2018-5729: NULL pointer dereference in kadmind or DN container check bypass by supplying special crafted data (bsc#1083926). Non-security issues fixed : - Make it possible for legacy applications (e.g. SAP Netweaver) to remain compatible with newer Kerberos. System administrators who are experiencing this kind of compatibility issues may set the environment variable GSSAPI_ASSUME_MECH_MATCH to a non-empty value, and make sure the environment variable is visible and effective to the application startup script. (bsc#1057662) - Fix a GSS failure in legacy applications by not indicating deprecated GSS mechanisms in gss_indicate_mech() list. (bsc#1081725) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 108747
- published: 2018-03-30
- reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/108747
- title: SUSE SLED12 / SLES12 Security Update : krb5 (SUSE-SU-2018:0846-1)

- NASL family: PhotonOS Local Security Checks
- NASL id: PHOTONOS_PHSA-2018-2_0-0087.NASL
- description: An update of 'krb5', 'postgresql' packages of Photon OS has been released.
- last seen: 2019-02-21
- modified: 2019-02-07
- plugin id: 112220
- published: 2018-08-31
- reporter: Tenable
- source: https://www.tenable.com/plugins/index.php?view=single&id=112220
- title: Photon OS 2.0: Krb5 / Postgresql PHSA-2018-2.0-0087 (deprecated)

- NASL family: PhotonOS Local Security Checks
- NASL id: PHOTONOS_PHSA-2018-1_0-0177_KRB5.NASL
- description: An update of the krb5 package has been released.
- last seen: 2020-03-17
- modified: 2019-02-07
- plugin id: 121878
- published: 2019-02-07
- reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/121878
- title: Photon OS 1.0: Krb5 PHSA-2018-1.0-0177

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_SU-2019-0175-1.NASL
- description: This update for krb5 fixes the following issues : Security issues fixed : CVE-2018-5729, CVE-2018-5730: Fixed multiple flaws in LDAP DN checking (bsc#1083926, bsc#1083927) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-03-18
- modified: 2019-01-28
- plugin id: 121416
- published: 2019-01-28
- reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/121416
- title: SUSE SLED15 / SLES15 Security Update : krb5 (SUSE-SU-2019:0175-1)

- NASL family: Amazon Linux Local Security Checks
- NASL id: ALA_ALAS-2018-1129.NASL
- description: MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a
- last seen: 2020-03-17
- modified: 2019-01-25
- plugin id: 121361
- published: 2019-01-25
- reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/121361
- title: Amazon Linux AMI : krb5 (ALAS-2018-1129)

- NASL family: SuSE Local Security Checks
- NASL id: OPENSUSE-2018-328.NASL
- description: This update for krb5 provides the following fixes : Security issues fixed : - CVE-2018-5730: DN container check bypass by supplying special crafted data (bsc#1083927). - CVE-2018-5729: NULL pointer dereference in kadmind or DN container check bypass by supplying special crafted data (bsc#1083926). Non-security issues fixed : - Make it possible for legacy applications (e.g. SAP Netweaver) to remain compatible with newer Kerberos. System administrators who are experiencing this kind of compatibility issues may set the environment variable GSSAPI_ASSUME_MECH_MATCH to a non-empty value, and make sure the environment variable is visible and effective to the application startup script. (bsc#1057662) - Fix a GSS failure in legacy applications by not indicating deprecated GSS mechanisms in gss_indicate_mech() list. (bsc#1081725) This update was imported from the SUSE:SLE-12-SP2:Update update project.
- last seen: 2020-06-05
- modified: 2018-04-02
- plugin id: 108783
- published: 2018-04-02
- reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/108783
- title: openSUSE Security Update : krb5 (openSUSE-2018-328)

- NASL family: Huawei Local Security Checks
- NASL id: EULEROS_SA-2019-1184.NASL
- description: According to the versions of the krb5 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module. (CVE-2018-5729) - MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a
- last seen: 2020-03-19
- modified: 2019-04-09
- plugin id: 123870
- published: 2019-04-09
- reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/123870
- title: EulerOS Virtualization 2.5.3 : krb5 (EulerOS-SA-2019-1184)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2018-F97CB1C9B0.NASL
- description: Fix CVE-2018-5729, CVE-2018-5730. These are low-impact, requiring administrator access to exploit. ---- Fix leak in previous version. ---- Always read config snippets in alphabetical order per-directory. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-05
- modified: 2018-03-02
- plugin id: 107108
- published: 2018-03-02
- reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/107108
- title: Fedora 26 : krb5 (2018-f97cb1c9b0)

- NASL family: Amazon Linux Local Security Checks
- NASL id: AL2_ALAS-2018-1129.NASL
- description: MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a
- last seen: 2020-03-28
- modified: 2018-12-20
- plugin id: 119784
- published: 2018-12-20
- reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/119784
- title: Amazon Linux 2 : krb5 (ALAS-2018-1129)

- NASL family: Huawei Local Security Checks
- NASL id: EULEROS_SA-2018-1425.NASL
- description: According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - null dereference in kadmind or DN container check bypass by supplying special crafted data (CVE-2018-5729) - DN container check bypass by supplying special crafted data (CVE-2018-5730) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-05-06
- modified: 2018-12-28
- plugin id: 119914
- published: 2018-12-28
- reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/119914
- title: EulerOS 2.0 SP2 : krb5 (EulerOS-SA-2018-1425)

- NASL family: SuSE Local Security Checks
- NASL id: OPENSUSE-2019-139.NASL
- description: This update for krb5 fixes the following issues : Security issues fixed : - CVE-2018-5729, CVE-2018-5730: Fixed multiple flaws in LDAP DN checking (bsc#1083926, bsc#1083927) This update was imported from the SUSE:SLE-15:Update update project.
- last seen: 2020-03-18
- modified: 2019-02-06
- plugin id: 121609
- published: 2019-02-06
- reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/121609
- title: openSUSE Security Update : krb5 (openSUSE-2019-139)

- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DLA-1643.NASL
- description: krb5, a MIT Kerberos implementation, had several flaws in LDAP DN checking, which could be used to circumvent a DN containership check by supplying special parameters to some calls. Further an attacker could crash the KDC by making S4U2Self requests. For Debian 8
- last seen: 2020-03-17
- modified: 2019-01-28
- plugin id: 121399
- published: 2019-01-28
- reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/121399
- title: Debian DLA-1643-1 : krb5 security update

- NASL family: CentOS Local Security Checks
- NASL id: CENTOS_RHSA-2018-3071.NASL
- description: An update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC). Security Fix(es) : * krb5: null dereference in kadmind or DN container check bypass by supplying special crafted data (CVE-2018-5729) * krb5: DN container check bypass by supplying special crafted data (CVE-2018-5730) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 118988
- published: 2018-11-16
- reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/118988
- title: CentOS 7 : krb5 (CESA-2018:3071)

- NASL family: NewStart CGSL Local Security Checks
- NASL id: NEWSTART_CGSL_NS-SA-2019-0067_KRB5.NASL
- description: The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has krb5 packages installed that are affected by multiple vulnerabilities: - MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a linkdn and containerdn database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN. (CVE-2018-5730) - MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module. (CVE-2018-5729) Note that Nessus has not tested for this issue but has instead relied only on the application
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 127266
- published: 2019-08-12
- reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/127266
- title: NewStart CGSL CORE 5.04 / MAIN 5.04 : krb5 Multiple Vulnerabilities (NS-SA-2019-0067)

- NASL family: Oracle Linux Local Security Checks
- NASL id: ORACLELINUX_ELSA-2018-3071.NASL
- description: From Red Hat Security Advisory 2018:3071 : An update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC). Security Fix(es) : * krb5: null dereference in kadmind or DN container check bypass by supplying special crafted data (CVE-2018-5729) * krb5: DN container check bypass by supplying special crafted data (CVE-2018-5730) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 118768
- published: 2018-11-07
- reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/118768
- title: Oracle Linux 7 : krb5 (ELSA-2018-3071)

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_SU-2018-0859-1.NASL
- description: This update for krb5 fixes several issues.
This security issue was fixed : - CVE-2017-11462: Prevent automatic security context deletion to prevent double-free (bsc#1056995). - CVE-2018-5729: NULL pointer dereference in kadmind or DN container check bypass by supplying special crafted data (bsc#1083926). - CVE-2018-5730: DN container check bypass by supplying special crafted data (bsc#1083927). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 108826 published 2018-04-04 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108826 title SUSE SLES11 Security Update : krb5 (SUSE-SU-2018:0859-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1383.NASL description According to the versions of the krb5 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a last seen 2020-06-01 modified 2020-06-02 plugin id 124886 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124886 title EulerOS Virtualization for ARM 64 3.0.1.0 : krb5 (EulerOS-SA-2019-1383)
References
- https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1
- https://bugzilla.redhat.com/show_bug.cgi?id=1551082
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869
- https://access.redhat.com/errata/RHSA-2018:3071
- http://www.securitytracker.com/id/1042071
- https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html
- https://access.redhat.com/errata/RHBA-2019:0327
- https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIFUL3CPM4S5TOXTTOCQ3CUZN6XCXUTR/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GK5T6JPMBHBPKS7HNGHYUUF4KKRMNSNU/