CVE-2007-4000 Information
Description
The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist which might allow remote authenticated users with the \modify policy\ privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.
Reference
http://secunia.com/advisories/26676 http://secunia.com/advisories/26680 http://secunia.com/advisories/26700 http://secunia.com/advisories/26728 http://secunia.com/advisories/26783 http://secunia.com/advisories/26987 http://securityreason.com/securityalert/3092 http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-006.txt http://www.gentoo.org/security/en/glsa/glsa-200709-01.xml http://www.kb.cert.org/vuls/id/377544 http://www.mandriva.com/security/advisories?name=MDKSA-2007:174 http://www.novell.com/linux/security/advisories/2007_19_sr.html http://www.redhat.com/support/errata/RHSA-2007-0858.html http://www.securityfocus.com/archive/1/478794/100/0/threaded http://www.securityfocus.com/bid/25533 http://www.securitytracker.com/id?1018647 http://www.vupen.com/english/advisories/2007/3051 https://bugzilla.redhat.com/show_bug.cgi?id=250976 https://exchange.xforce.ibmcloud.com/vulnerabilities/36438 https://issues.rpath.com/browse/RPL-1696 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A9278 https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00087.html
Share on: