CVE-2007-4000

Name: CVE-2007-4000
Creator: NVD / NIST
Published: 2007-09-05T10:17:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 6.14%

Last modified Jun 16, 2026

CVE-2007-4000 is a vulnerability of currently unknown severity. The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.. EPSS estimates a 6.14% chance of exploitation in the next 30 days.

Description

The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.

Metrics

EPSS Probability

6.14%

92.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-824

Affected Software

Vendor	Product	Versions
Mit	Kerberos 5	>= 1.5, <= 1.6.2
Fedoraproject	Fedora	7

References

http://secunia.com/advisories/26676Broken Link
http://secunia.com/advisories/26680Broken Link
http://secunia.com/advisories/26700Broken Link
http://secunia.com/advisories/26728Broken Link
http://secunia.com/advisories/26783Broken Link
http://secunia.com/advisories/26987Broken Link
http://securityreason.com/securityalert/3092Broken Link
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-006.txtVendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200709-01.xmlThird Party Advisory
http://www.kb.cert.org/vuls/id/377544Third Party Advisory, US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2007:174Broken Link
http://www.novell.com/linux/security/advisories/2007_19_sr.htmlBroken Link
http://www.redhat.com/support/errata/RHSA-2007-0858.htmlThird Party Advisory
http://www.securityfocus.com/archive/1/478794/100/0/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/bid/25533Broken Link, Third Party Advisory, VDB Entry
http://www.securitytracker.com/id?1018647Broken Link, Third Party Advisory, VDB Entry
http://www.vupen.com/english/advisories/2007/3051Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=250976Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/36438Broken Link, VDB Entry
https://issues.rpath.com/browse/RPL-1696Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9278Broken Link
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00087.htmlMailing List
http://secunia.com/advisories/26676Broken Link
http://secunia.com/advisories/26680Broken Link
http://secunia.com/advisories/26700Broken Link
http://secunia.com/advisories/26728Broken Link
http://secunia.com/advisories/26783Broken Link
http://secunia.com/advisories/26987Broken Link
http://securityreason.com/securityalert/3092Broken Link
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-006.txtVendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200709-01.xmlThird Party Advisory
http://www.kb.cert.org/vuls/id/377544Third Party Advisory, US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2007:174Broken Link
http://www.novell.com/linux/security/advisories/2007_19_sr.htmlBroken Link
http://www.redhat.com/support/errata/RHSA-2007-0858.htmlThird Party Advisory
http://www.securityfocus.com/archive/1/478794/100/0/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/bid/25533Broken Link, Third Party Advisory, VDB Entry
http://www.securitytracker.com/id?1018647Broken Link, Third Party Advisory, VDB Entry
http://www.vupen.com/english/advisories/2007/3051Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=250976Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/36438Broken Link, VDB Entry
https://issues.rpath.com/browse/RPL-1696Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9278Broken Link
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00087.htmlMailing List

Timeline

Published: Sep 5, 2007
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2007-4000?

How severe is CVE-2007-4000?

Severity scoring for CVE-2007-4000 is pending analysis. The EPSS model estimates a 6.14% probability of exploitation in the next 30 days.

How do I fix CVE-2007-4000?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2007-4000?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST