CVE-2006-6143
First published: Sun Dec 31 2006(Updated: )
The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MIT Kerberos 5 | =1.4 | |
| MIT Kerberos 5 | =1.4.1 | |
| MIT Kerberos 5 | =1.4.2 | |
| MIT Kerberos 5 | =1.4.3 | |
| MIT Kerberos 5 | =1.4.4 | |
| MIT Kerberos 5 | =1.5 | |
| MIT Kerberos 5 | =1.5.1 | |
| Canonical Ubuntu Linux | =6.06 | |
| Canonical Ubuntu Linux | =6.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-002-rpc.txt
- http://www.us-cert.gov/cas/techalerts/TA07-009B.html
- http://www.kb.cert.org/vuls/id/481564
- http://fedoranews.org/cms/node/2375
- http://fedoranews.org/cms/node/2376
- http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.006.html
- http://lists.suse.com/archive/suse-security-announce/2007-Jan/0004.html
- http://www.securityfocus.com/bid/21970
- http://secunia.com/advisories/23696
- http://secunia.com/advisories/23701
- http://secunia.com/advisories/23706
- http://secunia.com/advisories/23707
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:008
- http://securitytracker.com/id?1017493
- http://secunia.com/advisories/23667
- http://www.ubuntu.com/usn/usn-408-1
- http://secunia.com/advisories/23772
- https://issues.rpath.com/browse/RPL-925
- http://security.gentoo.org/glsa/glsa-200701-21.xml
- http://secunia.com/advisories/23903
- http://docs.info.apple.com/article.html?artnum=305391
- http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html
- http://secunia.com/advisories/24966
- http://www.us-cert.gov/cas/techalerts/TA07-109A.html
- http://osvdb.org/31281
- http://www.vupen.com/english/advisories/2007/1470
- http://www.vupen.com/english/advisories/2007/0111
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31422
- http://www.securityfocus.com/archive/1/456406/100/0/threaded
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/author
- agent/severity
- agent/last-modified-date
- agent/remedy
- agent/weakness
- agent/references
- agent/softwarecombine
- agent/tags
- agent/event
- agent/description
- collector/mitre-cve
- source/MITRE
- vendor/mit
- canonical/mit kerberos 5
- version/mit kerberos 5/1.4
- version/mit kerberos 5/1.4.1
- version/mit kerberos 5/1.4.2
- version/mit kerberos 5/1.4.3
- version/mit kerberos 5/1.4.4
- version/mit kerberos 5/1.5
- version/mit kerberos 5/1.5.1
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/6.06
- version/canonical ubuntu linux/6.10