CVE-2007-4000

MIT Kerberos 5 1.5-1.6.2 - Authenticated Remote Code Execution via Uninitialized Pointer Write

Title source: llm

Description

The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.

References (22)

Core 22

Core References

Mailing List vendor-advisory x_refsource_fedora

https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00087.html

Broken Link x_refsource_confirm

https://issues.rpath.com/browse/RPL-1696

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1018647

Broken Link vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/3051

Third Party Advisory vendor-advisory x_refsource_gentoo

http://www.gentoo.org/security/en/glsa/glsa-200709-01.xml

Broken Link vendor-advisory x_refsource_suse

http://www.novell.com/linux/security/advisories/2007_19_sr.html

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/26680

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/26783

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/26728

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/26700

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/25533

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/478794/100/0/threaded

Issue Tracking x_refsource_misc

https://bugzilla.redhat.com/show_bug.cgi?id=250976

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/26987

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/26676

Broken Link, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/36438

Broken Link vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9278

Third Party Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2007-0858.html

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/377544

Vendor Advisory x_refsource_confirm

http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-006.txt

Broken Link third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/3092

Broken Link vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDKSA-2007:174

Scores

EPSS 0.0614

EPSS Percentile 92.5%

Details

CWE

CWE-824

Status published

Products (2)

fedoraproject/fedora 7

mit/kerberos_5 1.5 - 1.6.2

Published Sep 05, 2007

Tracked Since Feb 18, 2026