MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.
AI analysis not yet available
Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| mit | kerberos_5 | 5-1.6 - 5-1.21.2 | - |
| fedoraproject | fedora | - | - |
| fedoraproject | fedora | - |
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
8
Affected Products
20
References
mit / kerberos_5 +7 more
| - |
| debian | debian_linux | - | - |
| debian | debian_linux | - | - |
| redhat | enterprise_linux_desktop | - | - |
| redhat | enterprise_linux_server | - | - |
| redhat | enterprise_linux_workstation | - | - |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
Exploitability
Impact