647416 – (CVE-2018-5709) app-crypt/mit-krb5: Data corruption vulnerability (CVE-2018-5709)

Bug 647416 (CVE-2018-5709) - app-crypt/mit-krb5: Data corruption vulnerability (CVE-2018-5709)

Summary: app-crypt/mit-krb5: Data corruption vulnerability (CVE-2018-5709)

Status:	RESOLVED WONTFIX

Alias:	CVE-2018-5709

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor
Assignee:	Gentoo Security

URL:
Whiteboard:	B4 [ebuild upstream cve]
Keywords:

Depends on:
Blocks:

Reported:	2018-02-12 16:57 UTC by GLSAMaker/CVETool Bot
Modified:	2019-04-14 02:22 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description GLSAMaker/CVETool Bot gentoo-dev

2018-02-12 16:57:42 UTC

CVE-2018-5709 (https://nvd.nist.gov/vuln/detail/CVE-2018-5709):
  An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is
  a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store
  16-bit data but unknowingly the developer has assigned a "u4" variable to
  it, which is for 32-bit data. An attacker can use this vulnerability to
  affect other artifacts of the database as we know that a Kerberos database
  dump file contains trusted data.

Comment 1 Aaron Bauman (RETIRED) gentoo-dev

2018-04-08 21:36:41 UTC

Upstream has removed all confidential information.  Not sure if we have any information from OSS or other channels.  Locking the bug until this is further understood and a fix identified.

Comment 2 Aaron Bauman (RETIRED) gentoo-dev

2019-04-14 02:22:31 UTC

dbentry->len = u1;
dbentry->n_key_data = u4;