CVE-2018-5709
The MITRE CVE dictionary describes this issue as:
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.
Find out more about CVE-2018-5709 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
This is essentially an integer truncation issue, and not an integer overflow. We have determined that this should not affect any other data allocated close to the 16-bit integer in question "dbentry-> n_key_data". Red Hat Product Security does not consider this issue as a security flaw.
CVSS v3 metrics
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
| CVSS3 Base Score | 6.3 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity Impact | Low |
| Availability Impact | Low |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat JBoss EWS 2 | krb5 | Not affected |
| Red Hat JBoss EAP 6 | krb5 | Under investigation |
| Red Hat JBoss Core Services 1 | krb5 | Not affected |
| Red Hat Enterprise Linux 7 | krb5 | Under investigation |
| Red Hat Enterprise Linux 6 | krb5 | Under investigation |
| Red Hat Enterprise Linux 5 | krb5 | Under investigation |
CVE description copyright © 2017, The MITRE Corporation