CVE-2007-4000 : The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind)

The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.

Published 2007-09-05 10:17:00

Updated 2024-02-09 03:24:09

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute code

Exploit prediction scoring system (EPSS) score for CVE-2007-4000

Probability of exploitation activity in the next 30 days: 33.76%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2007-4000

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
8.5	HIGH	AV:N/AC:M/Au:S/C:C/I:C/A:C	6.8	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2007-4000

CWE-264

Assigned by: nvd@nist.gov (Primary)
CWE-824 Access of Uninitialized Pointer

The product accesses or uses a pointer that has not been initialized.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2007-4000

http://www.novell.com/linux/security/advisories/2007_19_sr.html

404 Page Not Found | SUSE
Broken Link

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=250976

250976 – (CVE-2007-4000) CVE-2007-4000 krb5 kadmind uninitialized pointer
Issue Tracking
http://secunia.com/advisories/26987

About Secunia Research | Flexera
Broken Link
http://securityreason.com/securityalert/3092

MIT krb5 Security Advisory 2007-006 - CXSecurity.com
Broken Link

CVEs referencing this url
http://www.securitytracker.com/id?1018647

Broken Link;Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.securityfocus.com/bid/25533

Broken Link;Third Party Advisory;VDB Entry
http://www.gentoo.org/security/en/glsa/glsa-200709-01.xml

MIT Kerberos 5: Multiple vulnerabilities (GLSA 200709-01) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/36438

Kerberos kadmind modify policy code execution CVE-2007-4000 Vulnerability Report
Broken Link;VDB Entry
http://www.kb.cert.org/vuls/id/377544

VU#377544 - MIT Kerberos 5 kadmind privilege escalation vulnerability
Third Party Advisory;US Government Resource
http://secunia.com/advisories/26700

About Secunia Research | Flexera
Broken Link
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-006.txt

Vendor Advisory

CVEs referencing this url
http://secunia.com/advisories/26783

About Secunia Research | Flexera
Broken Link
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00087.html

[SECURITY] Fedora 7 Update: krb5-1.6.1-3.fc7
Mailing List

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2007-0858.html

Support
Third Party Advisory

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9278

404 Not Found
Broken Link
http://www.vupen.com/english/advisories/2007/3051

Webmail: access your OVH emails on ovhcloud.com | OVHcloud
Broken Link

CVEs referencing this url
http://secunia.com/advisories/26680

About Secunia Research | Flexera
Broken Link
http://secunia.com/advisories/26728

About Secunia Research | Flexera
Broken Link
https://issues.rpath.com/browse/RPL-1696

Broken Link

CVEs referencing this url
http://secunia.com/advisories/26676

About Secunia Research | Flexera
Broken Link
http://www.securityfocus.com/archive/1/478794/100/0/threaded

Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDKSA-2007:174

Advisories | Mandriva
Broken Link

CVEs referencing this url

Products affected by CVE-2007-4000

MIT » Kerberos 5
Versions from including (>=) 1.5 and up to, including, (<=) 1.6.2
cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 7
cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2007-4000

Exploit prediction scoring system (EPSS) score for CVE-2007-4000

CVSS scores for CVE-2007-4000

CWE ids for CVE-2007-4000

References for CVE-2007-4000

Products affected by CVE-2007-4000