CVE-2018-5730

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-5730
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-5730.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-5730
Published
2018-03-06T20:29:00Z
Modified
2025-08-09T20:01:27Z
Severity
  • 3.8 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
Summary
[none]
Details

MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.

Affected packages

Debian:11 / krb5

Package

Name
krb5
Purl
pkg:deb/debian/krb5?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
1.16.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / krb5

Package

Name
krb5
Purl
pkg:deb/debian/krb5?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
1.16.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / krb5

Package

Name
krb5
Purl
pkg:deb/debian/krb5?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
1.16.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / krb5

Package

Name
krb5
Purl
pkg:deb/debian/krb5?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
1.16.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/krb5/krb5

Affected ranges

Type
GIT
Repo
https://github.com/krb5/krb5
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Database specific

{
    "vanir_signatures": [
        {
            "digest": {
                "line_hashes": [
                    "75111337352398189721598009294308441505",
                    "336958063836204927476289690788542691638",
                    "120087076127768584086495051510240846203",
                    "334893741469516411255274780463999380445"
                ],
                "threshold": 0.9
            },
            "deprecated": false,
            "signature_type": "Line",
            "signature_version": "v1",
            "target": {
                "file": "src/lib/kadm5/srv/svr_principal.c"
            },
            "source": "https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1",
            "id": "CVE-2018-5730-10253d21"
        },
        {
            "digest": {
                "function_hash": "211120422275595891342126583688331665321",
                "length": 16964.0
            },
            "deprecated": false,
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "function": "krb5_ldap_put_principal",
                "file": "src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c"
            },
            "source": "https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1",
            "id": "CVE-2018-5730-18578c69"
        },
        {
            "digest": {
                "line_hashes": [
                ],
                "threshold": 0.9
            },
            "deprecated": false,
            "signature_type": "Line",
            "signature_version": "v1",
            "target": {
                "file": "src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c"
            },
            "source": "https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1",
            "id": "CVE-2018-5730-1c755c59"
        },
        {
            "digest": {
                "function_hash": "10181940549393762099804094725073658979",
                "length": 4242.0
            },
            "deprecated": false,
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "function": "kadm5_create_principal_3",
                "file": "src/lib/kadm5/srv/svr_principal.c"
            },
            "source": "https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1",
            "id": "CVE-2018-5730-e9d63a64"
        }
    ]
}