Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2007-4000 | First vendor Publication | 2007-09-05 |
Vendor | Cve | Last vendor Modification | 2024-02-09 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:S/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 8.5 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 6.8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4000 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:22682 | |||
Oval ID: | oval:org.mitre.oval:def:22682 | ||
Title: | ELSA-2007:0858: krb5 security update (Important) | ||
Description: | The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2007:0858-01 CVE-2007-3999 CVE-2007-4000 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | krb5 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:9278 | |||
Oval ID: | oval:org.mitre.oval:def:9278 | ||
Title: | The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer. | ||
Description: | The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-4000 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-04-09 | Name : Mandriva Update for krb5 MDKSA-2007:174 (krb5) File : nvt/gb_mandriva_MDKSA_2007_174.nasl |
2009-04-09 | Name : Mandriva Update for krb5 MDKSA-2007:174-1 (krb5) File : nvt/gb_mandriva_MDKSA_2007_174_1.nasl |
2009-02-27 | Name : Fedora Update for krb5 FEDORA-2007-2017 File : nvt/gb_fedora_2007_2017_krb5_fc7.nasl |
2009-02-27 | Name : Fedora Update for krb5 FEDORA-2007-2066 File : nvt/gb_fedora_2007_2066_krb5_fc7.nasl |
2009-02-27 | Name : Fedora Update for krb5 FEDORA-2007-690 File : nvt/gb_fedora_2007_690_krb5_fc6.nasl |
2009-02-16 | Name : Fedora Update for krb5 FEDORA-2008-2637 File : nvt/gb_fedora_2008_2637_krb5_fc7.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200709-01 (mit-krb5) File : nvt/glsa_200709_01.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200710-01 (librcpsecgss) File : nvt/glsa_200710_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
37325 | MIT Kerberos 5 kadmind lib/kadm5/srv/svr_policy.c kadm5_modify_policy_interna... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0858.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070904_krb5_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0858.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_krb5-4192.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_krb5-4249.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-511-1.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-2017.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_krb5-4191.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_krb5-4248.nasl - Type : ACT_GATHER_INFO |
2007-10-09 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200710-01.nasl - Type : ACT_GATHER_INFO |
2007-09-14 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200709-01.nasl - Type : ACT_GATHER_INFO |
2007-09-07 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-174.nasl - Type : ACT_GATHER_INFO |
2007-09-05 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-690.nasl - Type : ACT_GATHER_INFO |
2007-09-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0858.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2024-02-09 09:27:58 |
|
2021-05-04 12:06:11 |
|
2021-04-22 01:06:44 |
|
2020-05-23 00:20:12 |
|
2018-10-16 00:19:11 |
|
2017-09-29 09:23:09 |
|
2017-07-29 12:02:25 |
|
2016-04-26 16:25:01 |
|
2014-02-17 10:41:07 |
|
2013-05-11 10:32:33 |
|