Alpaquita Linux
Security Advisory

CVE-2018-5730

Published: March 6, 2018
Last modified: November 9, 2023

Description

MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.
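The second variant described above (a DN string that is a left extension of the container DN without being inside it) comes down to a suffix comparison that ignores RDN boundaries. The following C sketch is an added illustration, not code from krb5 or from this advisory; the function names and sample DNs are constructed, and both DNs are assumed to be normalized to the same string form.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Flawed check: accepts any DN whose string merely ends with the container. */
static int in_container_naive(const char *dn, const char *container)
{
    size_t dl = strlen(dn), cl = strlen(container);
    return dl >= cl && strcasecmp(dn + (dl - cl), container) == 0;
}

/* Stricter check: the matching suffix must begin at an RDN boundary, i.e.
 * the DN equals the container or an unescaped ',' precedes the suffix.
 * Assumes both DNs are already normalized to the same string form. */
static int in_container_strict(const char *dn, const char *container)
{
    size_t dl = strlen(dn), cl = strlen(container), sep, bs = 0;

    if (cl == 0 || !in_container_naive(dn, container))
        return 0;
    if (dl == cl)
        return 1;
    sep = dl - cl - 1;               /* index of the char before the suffix */
    if (dn[sep] != ',')
        return 0;
    while (sep > bs && dn[sep - 1 - bs] == '\\')
        bs++;                        /* count backslashes before the comma */
    return bs % 2 == 0;              /* odd count: comma is escaped data */
}

/* Constructed sample DNs, not taken from the advisory. */
static const char *CONTAINER = "ou=staff,dc=example,dc=com";
static const char *DN_INSIDE = "cn=alice,ou=staff,dc=example,dc=com";
static const char *DN_LEFT_EXT = "cn=alice,o=xou=staff,dc=example,dc=com";
static const char *DN_ESCAPED = "cn=alice,o=x\\,ou=staff,dc=example,dc=com";

int main(void)
{
    const char *dns[] = { DN_INSIDE, DN_LEFT_EXT, DN_ESCAPED };
    for (size_t i = 0; i < 3; i++)
        printf("%-45s naive=%d strict=%d\n", dns[i],
               in_container_naive(dns[i], CONTAINER),
               in_container_strict(dns[i], CONTAINER));
    return 0;
}
```

The sketch does not cover the other variant in the description, where both a "linkdn" and a "containerdn" argument are supplied.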

Severity score breakdown

Parameter             Value
Base score            3.8
Attack Vector         NETWORK
Attack complexity     LOW
Privileges required   HIGH
User interaction      NONE
Scope                 UNCHANGED
Confidentiality       LOW
Integrity impact      LOW
Availability impact   NONE
Vector                CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Status

Product           Release   Package   Status
Alpaquita Linux   23 LTS    krb5      Not affected (1.20.1-r0)
Alpaquita Linux   Stream    krb5      Not affected (1.21.2-r0)

References
