Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2007-4000
HistorySep 05, 2007 - 10:17 a.m.

CVE-2007-4000

2007-09-0510:17:00
Debian Security Bug Tracker
security-tracker.debian.org
11

0.338 Low

EPSS

Percentile

97.1%

The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the β€œmodify policy” privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.