CVE-2007-4000

krb5 kadmind uninitialized pointer

Severity Score

8.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.

La función kadm5_modify_policy_internal en lib/kadm5/srv/svr_policy.c del demonio de administración de Kerberos (kadmind) en MIT Kerberos 5 (krb5) 1.5 hasta 1.6.2 no comprueba adecuadamente los valores de retorno cuando no existe política, lo cual podría permitir a usuarios autenticados remotos con el privilegio de "modificar política" ejecutar código de su elección mediante vectores no especificados que provocan una escritura en un puntero no inicializado.

*Credits: N/A

CVSS Scores

NISTv2 8.5

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-07-25 CVE Reserved
2007-09-05 CVE Published
2024-08-07 CVE Updated
2024-08-16 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-824: Access of Uninitialized Pointer

CAPEC

References (23)

URL	Tag	Source
http://secunia.com/advisories/26676	Broken Link
http://secunia.com/advisories/26680	Broken Link
http://secunia.com/advisories/26700	Broken Link
http://secunia.com/advisories/26728	Broken Link
http://secunia.com/advisories/26783	Broken Link
http://secunia.com/advisories/26987	Broken Link
http://securityreason.com/securityalert/3092	Broken Link
http://www.kb.cert.org/vuls/id/377544	Third Party Advisory
http://www.securityfocus.com/archive/1/478794/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/25533	Broken Link
http://www.securitytracker.com/id?1018647	Broken Link
http://www.vupen.com/english/advisories/2007/3051	Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/36438	Broken Link
https://issues.rpath.com/browse/RPL-1696	Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9278	Broken Link

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-006.txt	2024-02-09
http://www.gentoo.org/security/en/glsa/glsa-200709-01.xml	2024-02-09
http://www.mandriva.com/security/advisories?name=MDKSA-2007:174	2024-02-09
http://www.novell.com/linux/security/advisories/2007_19_sr.html	2024-02-09
http://www.redhat.com/support/errata/RHSA-2007-0858.html	2024-02-09
https://bugzilla.redhat.com/show_bug.cgi?id=250976	2007-09-04
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00087.html	2024-02-09
https://access.redhat.com/security/cve/CVE-2007-4000	2007-09-04

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Mit Search vendor "Mit"		Kerberos 5 Search vendor "Mit" for product "Kerberos 5"				>= 1.5 <= 1.6.2 Search vendor "Mit" for product "Kerberos 5" and version " >= 1.5 <= 1.6.2"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				7 Search vendor "Fedoraproject" for product "Fedora" and version "7"		-		Affected