Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2006-6143

The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

Published

2006-12-31T05:00:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.3 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

10.0

Weaknesses

Type: Primary
CWE-824

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mit	kerberos_5	1.4	Yes
Application	mit	kerberos_5	1.4.1	Yes
Application	mit	kerberos_5	1.4.2	Yes
Application	mit	kerberos_5	1.4.3	Yes
Application	mit	kerberos_5	1.4.4	Yes
Application	mit	kerberos_5	1.5	Yes
Application	mit	kerberos_5	1.5.1	Yes
Operating System	canonical	ubuntu_linux	6.06	Yes
Operating System	canonical	ubuntu_linux	6.10	Yes

References

http://docs.info.apple.com/article.html?artnum=305391 Broken Link ([email protected])
http://fedoranews.org/cms/node/2375 Broken Link ([email protected])
http://fedoranews.org/cms/node/2376 Broken Link ([email protected])
http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html Mailing List ([email protected])
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0004.html Broken Link ([email protected])
http://osvdb.org/31281 Broken Link ([email protected])
http://secunia.com/advisories/23667 Broken Link ([email protected])
http://secunia.com/advisories/23696 Broken Link ([email protected])
http://secunia.com/advisories/23701 Broken Link ([email protected])
http://secunia.com/advisories/23706 Broken Link ([email protected])
http://secunia.com/advisories/23707 Broken Link ([email protected])
http://secunia.com/advisories/23772 Broken Link ([email protected])
http://secunia.com/advisories/23903 Broken Link ([email protected])
http://secunia.com/advisories/24966 Broken Link ([email protected])
http://security.gentoo.org/glsa/glsa-200701-21.xml Third Party Advisory ([email protected])
http://securitytracker.com/id?1017493 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-002-rpc.txt Patch, Vendor Advisory ([email protected])
http://www.kb.cert.org/vuls/id/481564 Patch, Third Party Advisory, US Government Resource ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2007:008 Third Party Advisory ([email protected])
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.006.html Broken Link ([email protected])
http://www.securityfocus.com/archive/1/456406/100/0/threaded Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/21970 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.ubuntu.com/usn/usn-408-1 Third Party Advisory ([email protected])
http://www.us-cert.gov/cas/techalerts/TA07-009B.html Broken Link, Patch, Third Party Advisory, US Government Resource ([email protected])
http://www.us-cert.gov/cas/techalerts/TA07-109A.html Broken Link, Third Party Advisory, US Government Resource ([email protected])
http://www.vupen.com/english/advisories/2007/0111 Broken Link ([email protected])
http://www.vupen.com/english/advisories/2007/1470 Broken Link ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/31422 Third Party Advisory, VDB Entry ([email protected])
https://issues.rpath.com/browse/RPL-925 Broken Link ([email protected])
http://docs.info.apple.com/article.html?artnum=305391 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://fedoranews.org/cms/node/2375 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://fedoranews.org/cms/node/2376 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0004.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/31281 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/23667 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/23696 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/23701 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/23706 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/23707 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/23772 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/23903 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24966 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-200701-21.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1017493 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-002-rpc.txt Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/481564 Patch, Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:008 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.006.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/456406/100/0/threaded Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/21970 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-408-1 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/cas/techalerts/TA07-009B.html Broken Link, Patch, Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/cas/techalerts/TA07-109A.html Broken Link, Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/0111 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/1470 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/31422 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://issues.rpath.com/browse/RPL-925 Broken Link (af854a3a-2127-422b-91ae-364da2661108)