Debian Security Bug Tracker (debiancve) | DEBIANCVE:CVE-2007-4000
Sep 05, 2007 - 10:17 a.m.

CVE-2007-4000

2007-09-05 10:17:00
Debian Security Bug Tracker
security-tracker.debian.org

CVSS2: 8.5 High

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

EPSS: 0.338 Low
Percentile: 97.0%

The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the “modify policy” privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.
