| Revision Date: | 2022-09-02 | Version: | 1 |
| Title: | CVE-2018-5709 |
| Description: |
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.
|
| Family: | unix | Class: | vulnerability |
| Status: | | Reference(s): | Mitre CVE-2018-5709
SUSE CVE-2018-5709
|
| Platform(s): | SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Desktop 15
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise Module for Basesystem 15
SUSE Linux Enterprise Module for Server Applications 15
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Software Development Kit 11 SP4
SUSE Linux Enterprise Software Development Kit 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP3
| Product(s): | |
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP2 is installed AND krb5 is not affected
|
| Definition Synopsis |
| Release Information
SUSE Linux Enterprise Desktop 12 SP2 is installed
AND krb5 is affected
OR Package Information
SUSE Linux Enterprise Desktop 12 SP3 is installed
OR SUSE Linux Enterprise Desktop 12 SP4 is installed
AND krb5 is not affected
|
| Definition Synopsis |
| Release Information
SUSE Linux Enterprise Server 11 SP1 is installed
OR SUSE Linux Enterprise Server 11 SP2 is installed
OR SUSE Linux Enterprise Server 11 SP4 is installed
OR SUSE Linux Enterprise Software Development Kit 11 SP4 is installed
AND krb5 is not affected
|
| Definition Synopsis |
| Release Information
SUSE Linux Enterprise Desktop 12 SP3 is installed
OR SUSE Linux Enterprise Desktop 12 SP4 is installed
OR SUSE Linux Enterprise Server 12 SP2 is installed
OR SUSE Linux Enterprise Server 12 SP3 is installed
OR SUSE Linux Enterprise Server 12 SP4 is installed
OR SUSE Linux Enterprise Server for SAP Applications 12 is installed
OR SUSE Linux Enterprise Server for SAP Applications 12 SP2 is installed
OR SUSE Linux Enterprise Software Development Kit 12 SP2 is installed
OR SUSE Linux Enterprise Software Development Kit 12 SP3 is installed
AND krb5 is not affected
OR Package Information
SUSE Linux Enterprise Server for SAP Applications 12 SP3 is installed
OR SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed
AND
krb5 is not affected
OR krb5-32bit is not affected
OR krb5-client is not affected
OR krb5-doc is not affected
OR krb5-plugin-kdb-ldap is not affected
OR krb5-plugin-preauth-otp is not affected
OR krb5-plugin-preauth-pkinit is not affected
OR krb5-server is not affected
|
| Definition Synopsis |
| Release Information
SUSE Linux Enterprise Desktop 15 is installed
OR SUSE Linux Enterprise High Performance Computing 15 is installed
OR SUSE Linux Enterprise Module for Basesystem 15 is installed
OR SUSE Linux Enterprise Server 15 is installed
OR SUSE Linux Enterprise Server for SAP Applications 15 is installed
AND krb5 is not affected
|
| Definition Synopsis |
| Release Information
SUSE Linux Enterprise Module for Basesystem 15 is installed
OR SUSE Linux Enterprise Module for Server Applications 15 is installed
AND krb5 is not affected
|
| Definition Synopsis |
| Release Information
SUSE Linux Enterprise Server 11 SP1 is installed
OR SUSE Linux Enterprise Server 11 SP2 is installed
AND krb5 is not affected
|
| Definition Synopsis |
| Release Information
SUSE Linux Enterprise Server 12 SP2 is installed
OR SUSE Linux Enterprise Server 12 SP3 is installed
OR SUSE Linux Enterprise Server 12 SP4 is installed
OR SUSE Linux Enterprise Server for SAP Applications 12 is installed
OR SUSE Linux Enterprise Server for SAP Applications 12 SP2 is installed
AND krb5 is not affected
OR Package Information
SUSE Linux Enterprise Server for SAP Applications 12 SP3 is installed
OR SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed
AND
krb5 is not affected
OR krb5-32bit is not affected
OR krb5-client is not affected
OR krb5-doc is not affected
OR krb5-plugin-kdb-ldap is not affected
OR krb5-plugin-preauth-otp is not affected
OR krb5-plugin-preauth-pkinit is not affected
OR krb5-server is not affected
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP3 is installed
AND krb5 is not affected
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP4 is installed
AND krb5 is not affected
|
| Definition Synopsis |
| Release Information
SUSE Linux Enterprise Desktop 12 SP4 is installed
OR SUSE Linux Enterprise Server 12 SP4 is installed
AND krb5 is not affected
OR Package Information
SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed
AND
krb5 is not affected
OR krb5-32bit is not affected
OR krb5-client is not affected
OR krb5-doc is not affected
OR krb5-plugin-kdb-ldap is not affected
OR krb5-plugin-preauth-otp is not affected
OR krb5-plugin-preauth-pkinit is not affected
OR krb5-server is not affected
|