Lucene search

PRIOn knowledge basePRION:CVE-2007-4000

HistorySep 05, 2007 - 10:17 a.m.

Null pointer dereference

2007-09-0510:17:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.338 Low

EPSS

Percentile

96.9%

JSON

The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the “modify policy” privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.

CPENameOperatorVersion
fedoraeq7
kerberos_5ge1.5
kerberos_5le1.6.2

Name	Operator	Version
fedora	eq	7
kerberos_5	ge	1.5
kerberos_5	le	1.6.2

References

secunia.com/advisories/26676

secunia.com/advisories/26680

secunia.com/advisories/26700

secunia.com/advisories/26728

secunia.com/advisories/26783

secunia.com/advisories/26987

securityreason.com/securityalert/3092

web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-006.txt

www.gentoo.org/security/en/glsa/glsa-200709-01.xml

www.kb.cert.org/vuls/id/377544

www.mandriva.com/security/advisories?name=MDKSA-2007:174

www.novell.com/linux/security/advisories/2007_19_sr.html

www.redhat.com/support/errata/RHSA-2007-0858.html

www.securityfocus.com/archive/1/478794/100/0/threaded

www.securityfocus.com/bid/25533

www.securitytracker.com/id?1018647

www.vupen.com/english/advisories/2007/3051

bugzilla.redhat.com/show_bug.cgi?id=250976

exchange.xforce.ibmcloud.com/vulnerabilities/36438

issues.rpath.com/browse/RPL-1696

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9278

www.redhat.com/archives/fedora-package-announce/2007-September/msg00087.html

7.3 High

AI Score

Confidence

Low

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.338 Low

EPSS

Percentile

96.9%

JSON

Related for PRION:CVE-2007-4000