AVG-586 log
| Package | krb5 |
| Status | Fixed |
| Severity | Medium |
| Type | multiple issues |
| Affected | 1.16-1 |
| Fixed | 1.16.1-1 |
| Current | 1.21.3-1 [core] |
| Ticket | None |
| Created | Tue Jan 16 16:48:08 2018 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2018-5730 | Medium | Yes | Insufficient validation | A flaw was found in MIT krb5 1.6 or later, an authenticated kadmin user with permission to add principals to an LDAP Kerberos database can circumvent a DN... |
| CVE-2018-5729 | Medium | Yes | Insufficient validation | A flaw was found in MIT krb5 1.6 or later, an authenticated kadmin user with permission to add principals to an LDAP Kerberos database can cause a null... |
| CVE-2018-5709 | Low | Yes | Information disclosure | An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 05 Jun 2018 | ASA-201806-3 | krb5 | insufficient validation |
| References |
|---|
https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow |