UBUNTU-CVE-2018-5709

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2018-5709

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-5709.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2018-5709

Withdrawn

2025-07-08T10:45:28Z

Published

2018-01-16T09:29:00Z

Modified

2025-07-08T14:32:18.464177Z

Upstream

CVE-2018-5709

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- negligible

Summary

[none]

Details

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->nkeydata" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

References

Affected packages

Ubuntu:Pro:14.04:LTS / krb5

Package

Name: krb5
Purl: pkg:deb/ubuntu/krb5@1.12+dfsg-2ubuntu5.4+esm7?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.10.1+dfsg-6.1ubuntu1

1.11.3+dfsg-3ubuntu2

1.12+dfsg-2ubuntu1

1.12+dfsg-2ubuntu2

1.12+dfsg-2ubuntu3

1.12+dfsg-2ubuntu4

1.12+dfsg-2ubuntu4.2

1.12+dfsg-2ubuntu5

1.12+dfsg-2ubuntu5.1

1.12+dfsg-2ubuntu5.2

1.12+dfsg-2ubuntu5.3

1.12+dfsg-2ubuntu5.4

1.12+dfsg-2ubuntu5.4+esm1

1.12+dfsg-2ubuntu5.4+esm2

1.12+dfsg-2ubuntu5.4+esm3

1.12+dfsg-2ubuntu5.4+esm4

1.12+dfsg-2ubuntu5.4+esm5

1.12+dfsg-2ubuntu5.4+esm6

1.12+dfsg-2ubuntu5.4+esm7

Ubuntu:Pro:16.04:LTS / krb5

Package

Name: krb5
Purl: pkg:deb/ubuntu/krb5@1.13.2+dfsg-5ubuntu2.2+esm7?arch=source&distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.13.2+dfsg-2

1.13.2+dfsg-3

1.13.2+dfsg-4

1.13.2+dfsg-5

1.13.2+dfsg-5ubuntu1

1.13.2+dfsg-5ubuntu2

1.13.2+dfsg-5ubuntu2.1

1.13.2+dfsg-5ubuntu2.1+esm1

1.13.2+dfsg-5ubuntu2.2

1.13.2+dfsg-5ubuntu2.2+esm3

1.13.2+dfsg-5ubuntu2.2+esm4

1.13.2+dfsg-5ubuntu2.2+esm5

1.13.2+dfsg-5ubuntu2.2+esm6

1.13.2+dfsg-5ubuntu2.2+esm7

Ubuntu:Pro:18.04:LTS / krb5

Package

Name: krb5
Purl: pkg:deb/ubuntu/krb5@1.16-2ubuntu0.4+esm5?arch=source&distro=esm-infra/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.15.1-2

1.16-2

1.16-2build1

1.16-2ubuntu0.1

1.16-2ubuntu0.1+esm1

1.16-2ubuntu0.2

1.16-2ubuntu0.3

1.16-2ubuntu0.4

1.16-2ubuntu0.4+esm1

1.16-2ubuntu0.4+esm2

1.16-2ubuntu0.4+esm3

1.16-2ubuntu0.4+esm5

Ubuntu:Pro:20.04:LTS / krb5

Package

Name: krb5
Purl: pkg:deb/ubuntu/krb5@1.17-6ubuntu4.11?arch=source&distro=esm-infra/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.17-6

1.17-6ubuntu3

1.17-6ubuntu4

1.17-6ubuntu4.1

1.17-6ubuntu4.2

1.17-6ubuntu4.3

1.17-6ubuntu4.4

1.17-6ubuntu4.6

1.17-6ubuntu4.7

1.17-6ubuntu4.8

1.17-6ubuntu4.9

1.17-6ubuntu4.11

Ubuntu:22.04:LTS / krb5

Package

Name: krb5
Purl: pkg:deb/ubuntu/krb5@1.19.2-2ubuntu0.7?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.18.3-6

1.18.3-7

1.19.2-0ubuntu1

1.19.2-1

1.19.2-2

1.19.2-2ubuntu0.1

1.19.2-2ubuntu0.2

1.19.2-2ubuntu0.3

1.19.2-2ubuntu0.4

1.19.2-2ubuntu0.5

1.19.2-2ubuntu0.6

1.19.2-2ubuntu0.7