CVE-2007-4000

NONECVSS 0.0

0.0

The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.

🔗 References (44)

cve@mitrehttp://secunia.com/advisories/26676
cve@mitrehttp://secunia.com/advisories/26680
cve@mitrehttp://secunia.com/advisories/26700
cve@mitrehttp://secunia.com/advisories/26728
cve@mitrehttp://secunia.com/advisories/26783
cve@mitrehttp://secunia.com/advisories/26987
cve@mitrehttp://securityreason.com/securityalert/3092
cve@mitrehttp://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-006.txt
cve@mitrehttp://www.gentoo.org/security/en/glsa/glsa-200709-01.xml
cve@mitrehttp://www.kb.cert.org/vuls/id/377544
cve@mitrehttp://www.mandriva.com/security/advisories?name=MDKSA-2007:174
cve@mitrehttp://www.novell.com/linux/security/advisories/2007_19_sr.html
cve@mitrehttp://www.redhat.com/support/errata/RHSA-2007-0858.html
cve@mitrehttp://www.securityfocus.com/archive/1/478794/100/0/threaded
cve@mitrehttp://www.securityfocus.com/bid/25533

Is Your Infrastructure Affected by CVE-2007-4000?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2007-4000

📅 Published

🔄 Last Modified

🔗 References (44)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2007-4000?