NULL Pointer Dereference in krb5

Do your applications use this vulnerable package? Test your applications

Overview

MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.

References

Debian Bug Report
Debian Security Announcement
Debian Security Tracker
Fedora Security Update
Fedora Security Update
GitHub Commit
REDHAT
RHSA Security Advisory
RedHat Bugzilla Bug
Security Tracker
Ubuntu CVE Tracker

Attack Vector

Network
Attack Complexity

Low
Privileges Required

High
User Interaction

None
Scope

Unchanged
Confidentiality

Low
Integrity

Low
Availability

Low

CVE: CVE-2018-5729
CWE: CWE-476
Snyk ID: SNYK-UBUNTU1604-KRB5-396221
Disclosed: 06 Mar, 2018
Published: 06 Mar, 2018

NULL Pointer Dereference
Affecting krb5 package, versions <1.13.2+dfsg-5ubuntu2.1

Overview

References

CVSS Score

NULL Pointer Dereference Affecting krb5 package, versions <1.13.2+dfsg-5ubuntu2.1

Overview

References

NULL Pointer Dereference
Affecting krb5 package, versions <1.13.2+dfsg-5ubuntu2.1