DEBIAN-CVE-2007-4000

DEBIAN-CVE-2007-4000 PUBLISHED CVSS 8.600000381469727 HIGH

The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.

Risk Scores

CVSS v4.0

8.600000381469727

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
Debian:14	krb5	0, 0, 0
Debian:11	krb5	0, 0, 0
Debian:12	krb5	0, 0, 0
Debian:13	krb5	0, 0, 0

Timeline

Sep 5, 2007 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2007-4000 advisory

Open in Interactive Console →