Pooja Shinde

2 exploits Active since Jan 2018
CVE-2018-5709 WRITEUP HIGH STUB
MIT Kerberos <1.16 - Info Disclosure
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.
CVSS 7.5
CVE-2018-5710 WRITEUP MEDIUM STUB
MIT Kerberos < 5-1.16 - Authenticated Denial of Service via NULL Pointer Dereference in KDC
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client.
CVSS 6.5