CVE-2018-5709
| Severity | Low |
| Remote | Yes |
| Type | Information disclosure |
| Description | An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data. |

| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-586 | krb5 | 1.16-1 | 1.16.1-1 | Medium | Fixed | |

| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 05 Jun 2018 | ASA-201806-3 | AVG-586 | krb5 | Medium | insufficient validation |