CVE-2007-4000: Access of Uninitialized Pointer in Kerberos 5

Severity: 8.5 HIGH (NVD)
EPSS: 23.8% (top 3.97%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 5
Latest update: May 1

Description

The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 6.8 | Impact: 10.0

Affected Packages (2 packages)

NVD: mit/kerberos_5, 1.5 through 1.6.2
Debian: mit/krb5 < 1.6.dfsg.1-7+3

Also affects: Fedora 7

🔴 Vulnerability Details (3)

GHSA: GHSA-rjp4-vqhr-2249: The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy (2022-05-01)
CVEList: CVE-2007-4000: The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy (2007-09-05)
OSV: CVE-2007-4000: The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy (2007-09-05)

💥 Exploits & PoCs (6)

Exploit-DB: HP Instant Support - Driver Check Remote Buffer Overflow (PoC) (2007-07-02)
Exploit-DB: LeadTools Raster OCR Document Object Library - Memory Corruption (2007-05-30)
Exploit-DB: Remote Display Dev kit 1.2.1.0 - 'RControl.dll' Denial of Service (2007-05-10)
Exploit-DB: Versalsoft HTTP File Uploader - ActiveX 6.36 AddFile Remote Denial of Service (2007-05-07)
Exploit-DB: NetSprint Ask IE Toolbar 1.1 - Multiple Denial of Service Vulnerabilities (2007-04-17)

📋 Vendor Advisories (2)

Red Hat: krb5 kadmind uninitialized pointer (2007-09-04)
Debian: CVE-2007-4000: krb5 - The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the K... (2007)

💬 Community (1)

Bugzilla: CVE-2007-4000 krb5 kadmind uninitialized pointer (2007-08-06)