Bug 647416 (CVE-2018-5709)

Summary:	app-crypt/mit-krb5: Data corruption vulnerability (CVE-2018-5709)
Product:	Gentoo Security	Reporter:	GLSAMaker/CVETool Bot <glsamaker>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED WONTFIX
Severity:	minor	CC:	eras
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B4 [ebuild upstream cve]
Package list:		Runtime testing required:	---

Description GLSAMaker/CVETool Bot gentoo-dev

2018-02-12 16:57:42 UTC

CVE-2018-5709 (https://nvd.nist.gov/vuln/detail/CVE-2018-5709):
  An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is
  a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store
  16-bit data but unknowingly the developer has assigned a "u4" variable to
  it, which is for 32-bit data. An attacker can use this vulnerability to
  affect other artifacts of the database as we know that a Kerberos database
  dump file contains trusted data.

Comment 1 Aaron Bauman (RETIRED) gentoo-dev

2018-04-08 21:36:41 UTC

Upstream has removed all confidential information.  Not sure if we have any information from OSS or other channels.  Locking the bug until this is further understood and a fix identified.

Comment 2 Aaron Bauman (RETIRED) gentoo-dev

2019-04-14 02:22:31 UTC

dbentry->len = u1;
dbentry->n_key_data = u4;