Vulnerability Details : CVE-2007-4000
The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2007-4000
Probability of exploitation activity in the next 30 days: 33.76%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 %
CVSS scores for CVE-2007-4000
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
8.5 | HIGH | AV:N/AC:M/Au:S/C:C/I:C/A:C | 6.8 | 10.0 | NIST |
CWE ids for CVE-2007-4000
- Assigned by: nvd@nist.gov (Primary)
- The product accesses or uses a pointer that has not been initialized. Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-4000
- http://www.novell.com/linux/security/advisories/2007_19_sr.html
  Broken Link
- https://bugzilla.redhat.com/show_bug.cgi?id=250976
  250976 – (CVE-2007-4000) CVE-2007-4000 krb5 kadmind uninitialized pointer (Issue Tracking)
- http://secunia.com/advisories/26987
  Broken Link
- http://securityreason.com/securityalert/3092
  MIT krb5 Security Advisory 2007-006 - CXSecurity.com (Broken Link)
- http://www.securitytracker.com/id?1018647
  Broken Link; Third Party Advisory; VDB Entry
- http://www.securityfocus.com/bid/25533
  Broken Link; Third Party Advisory; VDB Entry
- http://www.gentoo.org/security/en/glsa/glsa-200709-01.xml
  MIT Kerberos 5: Multiple vulnerabilities (GLSA 200709-01) — Gentoo security (Third Party Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36438
  Kerberos kadmind modify policy code execution CVE-2007-4000 Vulnerability Report (Broken Link; VDB Entry)
- http://www.kb.cert.org/vuls/id/377544
  VU#377544 - MIT Kerberos 5 kadmind privilege escalation vulnerability (Third Party Advisory; US Government Resource)
- http://secunia.com/advisories/26700
  Broken Link
- http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-006.txt
  Vendor Advisory
- http://secunia.com/advisories/26783
  Broken Link
- https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00087.html
  [SECURITY] Fedora 7 Update: krb5-1.6.1-3.fc7 (Mailing List)
- http://www.redhat.com/support/errata/RHSA-2007-0858.html
  Support (Third Party Advisory)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9278
  Broken Link
- http://www.vupen.com/english/advisories/2007/3051
  Broken Link
- http://secunia.com/advisories/26680
  Broken Link
- http://secunia.com/advisories/26728
  Broken Link
- https://issues.rpath.com/browse/RPL-1696
  Broken Link
- http://secunia.com/advisories/26676
  Broken Link
- http://www.securityfocus.com/archive/1/478794/100/0/threaded
  Third Party Advisory; VDB Entry
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:174
  Broken Link
Products affected by CVE-2007-4000
- cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*