First published: Sun Dec 31 2006 (Updated: )
The RPC library in MIT Kerberos 5 1.4 through 1.4.4 and 1.5 through 1.5.1, as used in the Kerberos administration daemon (kadmind) and in other products that link this library, calls an uninitialized function pointer that lives in already-freed memory. A remote attacker can trigger this to crash the process (denial of service) and, because control flow passes through freed memory, possibly execute arbitrary code. The triggering vectors are unspecified.
Credit: cve@mitre.org
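The description above names the bug class (a call through a function pointer held in memory that has already been freed) but not the code path. The following is an added example, not krb5 code and not the MIT fix, showing one way an RPC-style transport layer can make that stale call structurally impossible: callers hold an opaque {slot, generation} handle instead of a raw pointer, destroying a transport clears its slot and bumps the generation, and every dispatch validates both the handle and the ops pointer before jumping. All names (xprt_t, xprt_ops, xprt_recv, scenario_stale_handle, and the request bytes) are hypothetical and the input is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical RPC-style transport with an ops table of function pointers.
 * Shape only; not the krb5 RPC library's real structures. */
typedef struct xprt xprt_t;
struct xprt_ops {
    int  (*recv)(xprt_t *x, const unsigned char *buf, size_t len);
    void (*destroy)(xprt_t *x);
};
struct xprt {
    const struct xprt_ops *ops;  /* must be set before any dispatch */
    int bytes_seen;
};

enum { XPRT_OK = 0, XPRT_EBADHANDLE = -1, XPRT_ENOMEM = -2 };

/* Callers get an opaque {slot, generation} handle, never a raw xprt_t *.
 * The generation changes each time a slot is destroyed, so a stale copy of
 * a handle cannot reach a live object even after the slot is reused. */
#define MAX_XPRT 8
typedef struct { int slot; uint32_t gen; } xprt_handle;
static xprt_t   *g_table[MAX_XPRT];
static uint32_t  g_gen[MAX_XPRT];

static int demo_recv(xprt_t *x, const unsigned char *buf, size_t len) {
    (void)buf;
    x->bytes_seen += (int)len;
    return XPRT_OK;
}
static void demo_destroy(xprt_t *x) {
    memset(x, 0, sizeof *x);   /* poison: ops is NULL before the memory is freed */
    free(x);
}
static const struct xprt_ops demo_ops = { demo_recv, demo_destroy };

static xprt_t *lookup(xprt_handle h) {
    if (h.slot < 0 || h.slot >= MAX_XPRT) return NULL;
    if (g_table[h.slot] == NULL || g_gen[h.slot] != h.gen) return NULL;
    return g_table[h.slot];
}

int xprt_create(xprt_handle *out) {
    for (int i = 0; i < MAX_XPRT; i++) {
        if (g_table[i] != NULL) continue;
        xprt_t *x = calloc(1, sizeof *x);
        if (x == NULL) return XPRT_ENOMEM;
        x->ops = &demo_ops;          /* initialised before publication */
        g_table[i] = x;
        out->slot = i;
        out->gen  = g_gen[i];
        return XPRT_OK;
    }
    return XPRT_ENOMEM;
}

/* Every dispatch validates the handle and the function pointer first. */
int xprt_recv(xprt_handle h, const unsigned char *buf, size_t len) {
    xprt_t *x = lookup(h);
    if (x == NULL || x->ops == NULL || x->ops->recv == NULL) return XPRT_EBADHANDLE;
    return x->ops->recv(x, buf, len);
}

int xprt_bytes_seen(xprt_handle h) {
    xprt_t *x = lookup(h);
    return x ? x->bytes_seen : XPRT_EBADHANDLE;
}

int xprt_destroy(xprt_handle h) {
    xprt_t *x = lookup(h);
    if (x == NULL || x->ops == NULL || x->ops->destroy == NULL) return XPRT_EBADHANDLE;
    g_table[h.slot] = NULL;   /* unpublish first ... */
    g_gen[h.slot]++;          /* ... and invalidate every outstanding copy of h */
    x->ops->destroy(x);
    return XPRT_OK;
}

/* Scenario: an event loop keeps a copy of the handle after the transport was
 * torn down and a new transport reused the slot. The late call returns
 * XPRT_EBADHANDLE instead of jumping through freed memory. */
int scenario_stale_handle(void) {
    static const unsigned char req[] = "constructed request";  /* 19 bytes */
    xprt_handle h, stale, h2;
    if (xprt_create(&h) != XPRT_OK) return XPRT_ENOMEM;
    if (xprt_recv(h, req, sizeof req - 1) != XPRT_OK) return -99;
    stale = h;
    xprt_destroy(h);
    if (xprt_create(&h2) != XPRT_OK) return XPRT_ENOMEM;  /* reuses the slot */
    int r = xprt_recv(stale, req, 1);
    xprt_destroy(h2);
    return r;
}

/* Scenario: normal lifetime, two receives, accounting read through the handle. */
int scenario_live_handle(void) {
    static const unsigned char req[] = "constructed request";
    xprt_handle h;
    if (xprt_create(&h) != XPRT_OK) return XPRT_ENOMEM;
    xprt_recv(h, req, 5);
    xprt_recv(h, req, 7);
    int seen = xprt_bytes_seen(h);
    xprt_destroy(h);
    return seen;
}

int main(void) {
    printf("stale handle -> %d\n", scenario_stale_handle());
    printf("live handle  -> %d bytes\n", scenario_live_handle());
    return 0;
}
```

The two defences are independent: poisoning the object before free() turns a stale dispatch into a NULL-pointer check failure rather than a jump to attacker-influenced memory, and the generation counter catches the harder case where the freed slot has already been reallocated to a new, fully initialised object. A sanitizer build (for example -fsanitize=address) is the practical way to find the original pattern in a code base that still passes raw pointers around.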
Affected Software | Affected Version | How to fix |
---|---|---|
MIT Kerberos 5 | =1.4 | |
MIT Kerberos 5 | =1.4.1 | |
MIT Kerberos 5 | =1.4.2 | |
MIT Kerberos 5 | =1.4.3 | |
MIT Kerberos 5 | =1.4.4 | |
MIT Kerberos 5 | =1.5 | |
MIT Kerberos 5 | =1.5.1 | |
Ubuntu | =6.06 | |
Ubuntu | =6.10 | |
CVE-2006-6143 is a memory-safety flaw in the RPC library shipped with MIT Kerberos 5: the library calls an uninitialized function pointer located in memory that has already been freed. The confirmed impact is a crash of the process that uses the library, most notably kadmind, which is a denial of service; because the call goes through freed, potentially attacker-influenced memory, arbitrary code execution is possible, although no working exploit is described in the advisory text.
CVE-2006-6143 affects MIT Kerberos 5 versions 1.4 through 1.4.4 and 1.5 through 1.5.1, any third-party product that links this RPC library, and the krb5 packages shipped with Ubuntu 6.06 LTS and 6.10.
To fix CVE-2006-6143, upgrade MIT Kerberos 5 to a release later than 1.5.1, or install the vendor-patched packages for the affected Ubuntu releases. Until that is done, limit exposure by restricting network access to the kadmin service port (kerberos-adm, 749/tcp and 749/udp) to administrative hosts, since kadmind is the network-facing consumer of the vulnerable library.