8.5

CVE-2007-4000

EPSS 10.43%
Published 05.09.2007 10:17:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.

Affected products Warnungen 0 Metrics 2 CWE 1 References 25

Data is provided by the National Vulnerability Database (NVD)

Mit ≫ Kerberos 5 Version >= 1.5 <= 1.6.2

Fedoraproject ≫ Fedora Version7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	10.43%	0.929

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.5	6.8	10	AV:N/AC:M/Au:S/C:C/I:C/A:C

CWE-824 Access of Uninitialized Pointer

The product accesses or uses a pointer that has not been initialized.

http://secunia.com/advisories/26987

Broken Link

http://www.novell.com/linux/security/advisories/2007_19_sr.html

Broken Link

http://secunia.com/advisories/26676

Broken Link

http://secunia.com/advisories/26680

Broken Link

http://secunia.com/advisories/26700

Broken Link

http://secunia.com/advisories/26728

Broken Link

http://secunia.com/advisories/26783

Broken Link

http://securityreason.com/securityalert/3092

Broken Link

http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-006.txt

Vendor Advisory

http://www.gentoo.org/security/en/glsa/glsa-200709-01.xml

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2007:174

Broken Link

http://www.redhat.com/support/errata/RHSA-2007-0858.html

Third Party Advisory

http://www.securitytracker.com/id?1018647

Third Party Advisory

Broken Link

VDB Entry

http://www.vupen.com/english/advisories/2007/3051

Broken Link

https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00087.html

Mailing List

http://www.kb.cert.org/vuls/id/377544

Third Party Advisory

US Government Resource

http://www.securityfocus.com/archive/1/478794/100/0/threaded

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/25533

Third Party Advisory

Broken Link

VDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=250976

Issue Tracking

https://exchange.xforce.ibmcloud.com/vulnerabilities/36438

Broken Link

VDB Entry

https://issues.rpath.com/browse/RPL-1696

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9278

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2007-4000

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-4000

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-4000

EUVD