CVE-2007-4000

high
Description

The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.

References

http://secunia.com/advisories/26676

http://secunia.com/advisories/26680

http://secunia.com/advisories/26700

http://secunia.com/advisories/26728

http://secunia.com/advisories/26783

http://secunia.com/advisories/26987

http://securityreason.com/securityalert/3092

http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-006.txt

http://www.gentoo.org/security/en/glsa/glsa-200709-01.xml

http://www.kb.cert.org/vuls/id/377544

http://www.mandriva.com/security/advisories?name=MDKSA-2007:174

http://www.novell.com/linux/security/advisories/2007_19_sr.html

http://www.redhat.com/support/errata/RHSA-2007-0858.html

http://www.securityfocus.com/archive/1/478794/100/0/threaded

http://www.securityfocus.com/bid/25533

http://www.securitytracker.com/id?1018647

http://www.vupen.com/english/advisories/2007/3051

https://bugzilla.redhat.com/show_bug.cgi?id=250976

https://exchange.xforce.ibmcloud.com/vulnerabilities/36438

https://issues.rpath.com/browse/RPL-1696

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9278

https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00087.html

Details

Source: MITRE

Published: 2007-09-05

Updated: 2020-01-21

Type: CWE-264

Risk Information

CVSS v2

Base Score: 8.5

Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 6.8

Severity: HIGH

Tenable Plugins

ID | Name | Product | Family | Severity
67562 | Oracle Linux 5 : krb5 (ELSA-2007-0858) | Nessus | Oracle Linux Local Security Checks | critical
60248 | Scientific Linux Security Update : krb5 on SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical
43650 | CentOS 5 : krb5 (CESA-2007:0858) | Nessus | CentOS Local Security Checks | critical
29494 | SuSE 10 Security Update : Kerberos (ZYPP Patch Number 4192) | Nessus | SuSE Local Security Checks | critical
28115 | Ubuntu 6.06 LTS / 6.10 / 7.04 : krb5, librpcsecgss vulnerability (USN-511-1) | Nessus | Ubuntu Local Security Checks | critical
27744 | Fedora 7 : krb5-1.6.1-3.fc7 (2007-2017) | Nessus | Fedora Local Security Checks | critical
27310 | openSUSE 10 Security Update : krb5 (krb5-4191) | Nessus | SuSE Local Security Checks | critical
26041 | GLSA-200709-01 : MIT Kerberos 5: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical
26006 | Mandrake Linux Security Advisory : krb5 (MDKSA-2007:174-1) | Nessus | Mandriva Local Security Checks | critical
25987 | RHEL 5 : krb5 (RHSA-2007:0858) | Nessus | Red Hat Local Security Checks | critical