Candidate: CVE-2018-5729
PublicDate: 2018-03-06 20:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5729
Description:
 MIT krb5 1.6 or later allows an authenticated kadmin with permission to add
 principals to an LDAP Kerberos database to cause a denial of service (NULL
 pointer dereference) or bypass a DN container check by supplying tagged
 data that is internal to the database module.
Ubuntu-Description:
 It was discovered that Kerberos incorrectly handled tagged data. A
 remote authenticated attacker could possibly use this issue to obtain
 sensitive information or cause a denial of service.
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L [4.7 MEDIUM]
 nvd: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L [4.7 MEDIUM]


Patches_krb5:
Tags_krb5: universe-binary
upstream_krb5: needs-triage
precise/esm_krb5: ignored (end of ESM support, was needs-triage)
trusty_krb5: released (1.12+dfsg-2ubuntu5.4)
trusty/esm_krb5: released (1.12+dfsg-2ubuntu5.4)
xenial_krb5: released (1.13.2+dfsg-5ubuntu2.1)
esm-infra/xenial_krb5: released (1.13.2+dfsg-5ubuntu2.1)
artful_krb5: ignored (reached end-of-life)
bionic_krb5: released (1.16-2ubuntu0.1)
cosmic_krb5: released (1.16-2ubuntu1.1)
disco_krb5: not-affected (1.16.1-1)
eoan_krb5: not-affected (1.16.1-1)
focal_krb5: not-affected (1.16.1-1)
groovy_krb5: not-affected (1.16.1-1)
hirsute_krb5: not-affected (1.16.1-1)
devel_krb5: not-affected (1.16.1-1)