Home > Vulnerability Database > CVE-2007-4000

Mend.io Vulnerability Database

CVE-2007-4000

Date: September 5, 2007

The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.

Severity Score

7.5

Related Resources (24)

Url: http://www.securityfocus.com/archive/1/478794/100/0/threaded

Url: http://www.gentoo.org/security/en/glsa/glsa-200709-01.xml

Url: http://secunia.com/advisories/26680

Url: http://www.securityfocus.com/bid/25533

Url: http://securityreason.com/securityalert/3092

Url: http://www.vupen.com/english/advisories/2007/3051

Url: https://issues.rpath.com/browse/RPL-1696

Url: http://www.novell.com/linux/security/advisories/2007_19_sr.html

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9278

Url: http://www.securitytracker.com/id?1018647

Url: http://secunia.com/advisories/26987

Url: http://www.kb.cert.org/vuls/id/377544

Url: https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00087.html

Url: http://secunia.com/advisories/26728

Url: https://bugzilla.redhat.com/show_bug.cgi?id=250976

Url: http://www.redhat.com/support/errata/RHSA-2007-0858.html

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2007:174

Url: http://secunia.com/advisories/26783

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-4000

Url: http://secunia.com/advisories/26700

Url: http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-006.txt

Url: http://secunia.com/advisories/26676

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/36438

Url: https://www.mend.io/vulnerability-database/CVE-2007-4000

Severity Score

7.5

Weakness Type (CWE)

Access of Uninitialized Pointer

CWE-824

Permissions, Privileges, and Access Control

CWE-264

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	8.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	SINGLE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2007-4000

Date: September 5, 2007

Severity Score

Related Resources (24)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?