The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-09-05T10:00:00

Updated: 2024-08-07T14:37:05.906Z

Reserved: 2007-07-25T00:00:00

Link: CVE-2007-4000

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2007-09-05T10:17:00.000

Modified: 2024-11-21T00:34:33.590

Link: CVE-2007-4000

cve-icon Redhat

Severity : Important

Publid Date: 2007-09-04T19:00:00Z

Links: CVE-2007-4000 - Bugzilla