CVE-2007-4000
EPSS 30.4%
Description
The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.
How to fix CVE-2007-4000
To remediate CVE-2007-4000, upgrade the affected package to a fixed version below.
- Debian/krb5—upgrade to 1.6.dfsg.1-7 or later
Is CVE-2007-4000 being exploited?
Moderate — EPSS is 30.4%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 1.6.dfsg.1-7