Unrated severity · NVD Advisory · Published Sep 5, 2007 · Updated Apr 23, 2026
CVE-2007-4000
Description
The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.
Affected products
- cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-006.txt · nvd · Vendor Advisory
- www.gentoo.org/security/en/glsa/glsa-200709-01.xml · nvd · Third Party Advisory
- www.kb.cert.org/vuls/id/377544 · nvd · Third Party Advisory, US Government Resource
- www.redhat.com/support/errata/RHSA-2007-0858.html · nvd · Third Party Advisory
- www.securityfocus.com/archive/1/478794/100/0/threaded · nvd · Third Party Advisory, VDB Entry
- www.securityfocus.com/bid/25533 · nvd · Broken Link, Third Party Advisory, VDB Entry
- www.securitytracker.com/id · nvd · Broken Link, Third Party Advisory, VDB Entry
- secunia.com/advisories/26676 · nvd · Broken Link
- secunia.com/advisories/26680 · nvd · Broken Link
- secunia.com/advisories/26700 · nvd · Broken Link
- secunia.com/advisories/26728 · nvd · Broken Link
- secunia.com/advisories/26783 · nvd · Broken Link
- secunia.com/advisories/26987 · nvd · Broken Link
- securityreason.com/securityalert/3092 · nvd · Broken Link
- www.mandriva.com/security/advisories · nvd · Broken Link
- www.novell.com/linux/security/advisories/2007_19_sr.html · nvd · Broken Link
- www.vupen.com/english/advisories/2007/3051 · nvd · Broken Link
- bugzilla.redhat.com/show_bug.cgi · nvd · Issue Tracking
- exchange.xforce.ibmcloud.com/vulnerabilities/36438 · nvd · Broken Link, VDB Entry
- issues.rpath.com/browse/RPL-1696 · nvd · Broken Link
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9278 · nvd · Broken Link
- www.redhat.com/archives/fedora-package-announce/2007-September/msg00087.html · nvd · Mailing List