CVE-2007-4000

The kadm5modifypolicyinternal function in lib/kadm5/srv/svrpolicy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.

References

http://secunia.com/advisories/26676
http://secunia.com/advisories/26680
http://secunia.com/advisories/26700
http://secunia.com/advisories/26728
http://secunia.com/advisories/26783
http://secunia.com/advisories/26987
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-006.txt
http://www.gentoo.org/security/en/glsa/glsa-200709-01.xml
http://www.kb.cert.org/vuls/id/377544
http://www.mandriva.com/security/advisories?name=MDKSA-2007:174
http://www.novell.com/linux/security/advisories/2007_19_sr.html
http://www.redhat.com/support/errata/RHSA-2007-0858.html
http://www.securityfocus.com/archive/1/478794/100/0/threaded
http://www.securityfocus.com/bid/25533
http://www.securitytracker.com/id?1018647
http://www.vupen.com/english/advisories/2007/3051
https://exchange.xforce.ibmcloud.com/vulnerabilities/36438
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00087.html
https://bugzilla.redhat.com/show_bug.cgi?id=250976
http://securityreason.com/securityalert/3092
https://issues.rpath.com/browse/RPL-1696
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9278

CVE-2007-4000

Affected packages