8.5

CVE-2007-4000

The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MitKerberos 5 Version >= 1.5 <= 1.6.2
FedoraprojectFedora Version7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.14% 0.925
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.5 6.8 10
AV:N/AC:M/Au:S/C:C/I:C/A:C
CWE-824 Access of Uninitialized Pointer

The product accesses or uses a pointer that has not been initialized.

http://secunia.com/advisories/26987
Broken Link
http://www.novell.com/linux/security/advisories/2007_19_sr.html
Broken Link
http://secunia.com/advisories/26676
Broken Link
http://secunia.com/advisories/26680
Broken Link
http://secunia.com/advisories/26700
Broken Link
http://secunia.com/advisories/26728
Broken Link
http://secunia.com/advisories/26783
Broken Link
http://securityreason.com/securityalert/3092
Broken Link
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-006.txt
Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200709-01.xml
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:174
Broken Link
http://www.redhat.com/support/errata/RHSA-2007-0858.html
Third Party Advisory
http://www.securitytracker.com/id?1018647
Third Party Advisory
Broken Link
VDB Entry
http://www.vupen.com/english/advisories/2007/3051
Broken Link
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00087.html
Mailing List
http://www.kb.cert.org/vuls/id/377544
Third Party Advisory
US Government Resource
http://www.securityfocus.com/archive/1/478794/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/25533
Third Party Advisory
Broken Link
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=250976
Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/36438
Broken Link
VDB Entry
https://issues.rpath.com/browse/RPL-1696
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9278
Broken Link