Launchpad.net

CVE 2007-4000

The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.

Related bugs and status

CVE-2007-4000 (Candidate) is related to these bugs:

Bug #137337: Please sync krb5 (main) from Debian unstable (main)

Summary				In	Importance	Status
	137337	Please sync krb5 (main) from Debian unstable (main)		krb5 (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugzilla.redha...
CONFIRM: http://web.mit.edu/Ker...
REDHAT: RHSA-2007:0858
FEDORA: FEDORA-2007-2017
CERT-VN: VU#377544
BID: 25533
SECTRACK: 1018647
SECUNIA: 26680
SECUNIA: 26728
SECUNIA: 26676
SECUNIA: 26700
GENTOO: GLSA-200709-01
SECUNIA: 26783
CONFIRM: https://issues.rpath.c...
SUSE: SUSE-SR:2007:019
SECUNIA: 26987
MANDRIVA: MDKSA-2007:174
SREASON: 3092
VUPEN: ADV-2007-3051
XF: kerberos-modifypolicy-...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20070907 FLEA-2007-005...