Candidate: CVE-2018-5730
PublicDate: 2018-03-06 20:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5730
Description:
 MIT krb5 1.6 or later allows an authenticated kadmin with permission to add
 principals to an LDAP Kerberos database to circumvent a DN containership
 check by supplying both a "linkdn" and "containerdn" database argument, or
 by supplying a DN string which is a left extension of a container DN string
 but is not hierarchically within the container DN.
Ubuntu-Description:
 It was discovered that Kerberos incorrectly handled certain database
 arguments. A remote authenticated attacker could possibly use this issue
 to obtain sensitive information.
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N [3.8 LOW]
 nvd: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N [3.8 LOW]


Patches_krb5:
Tags_krb5: universe-binary
upstream_krb5: needs-triage
precise/esm_krb5: ignored (end of ESM support, was needs-triage)
trusty_krb5: released (1.12+dfsg-2ubuntu5.4)
trusty/esm_krb5: released (1.12+dfsg-2ubuntu5.4)
xenial_krb5: released (1.13.2+dfsg-5ubuntu2.1)
esm-infra/xenial_krb5: released (1.13.2+dfsg-5ubuntu2.1)
artful_krb5: ignored (reached end-of-life)
bionic_krb5: released (1.16-2ubuntu0.1)
cosmic_krb5: released (1.16-2ubuntu1.1)
disco_krb5: not-affected (1.16.1-1)
eoan_krb5: not-affected (1.16.1-1)
focal_krb5: not-affected (1.16.1-1)
groovy_krb5: not-affected (1.16.1-1)
hirsute_krb5: not-affected (1.16.1-1)
devel_krb5: not-affected (1.16.1-1)