ID CVE-2006-6143
Summary The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
Vulnerable Configurations
  • MIT Kerberos 5 1.4
    cpe:2.3:a:mit:kerberos:5-1.4
  • MIT Kerberos 5 1.4.1
    cpe:2.3:a:mit:kerberos:5-1.4.1
  • MIT Kerberos 5 1.4.2
    cpe:2.3:a:mit:kerberos:5-1.4.2
  • MIT Kerberos 5 1.4.3
    cpe:2.3:a:mit:kerberos:5-1.4.3
  • MIT Kerberos 5 1.4.4
    cpe:2.3:a:mit:kerberos:5-1.4.4
  • MIT Kerberos 5 1.5
    cpe:2.3:a:mit:kerberos:5-1.5
  • MIT Kerberos 5 1.5.1
    cpe:2.3:a:mit:kerberos:5-1.5.1
CVSS
Base: 9.3 (as of 10-01-2007 - 10:12)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-008.NASL
    description A vulnerability in the RPC library in Kerberos 1.4.x and 1.5.x as used in the kadmind administration daemon calls an uninitialized function pointer in freed memory, which could allow a remote attacker to cause a Denial of Service and possibly execute arbitrary code via unspecified vectors. Updated packages are patched to address this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 24624
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24624
    title Mandrake Linux Security Advisory : krb5 (MDKSA-2007:008)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KRB5-2440.NASL
    description Bugs in the handling of pointers to uninitialized resp. already freed memory could potentially be abused by attackers to execute code. (CVE-2006-6144 / CVE-2006-6143)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29491
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29491
    title SuSE 10 Security Update : Kerberos5 (ZYPP Patch Number 2440)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-033.NASL
    description This update incorporates fixes for recently-announced bugs found in the kadmind daemon. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 24189
    published 2007-01-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24189
    title Fedora Core 6 : krb5-1.5-13 (2007-033)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KRB5-2442.NASL
    description Bugs in the handling of pointers to uninitialized resp. already freed memory could potentially be abused by attackers to execute code (CVE-2006-6144, CVE-2006-6143).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27307
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27307
    title openSUSE 10 Security Update : krb5 (krb5-2442)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-034.NASL
    description This update incorporates a fix for a recently-announced bug found in the kadmind daemon. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 24190
    published 2007-01-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24190
    title Fedora Core 5 : krb5-1.4.3-5.3 (2007-034)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-408-1.NASL
    description The server-side portion of Kerberos' RPC library had a memory management flaw which allowed users of that library to call a function pointer located in unallocated memory. By doing specially crafted calls to the kadmind server, a remote attacker could exploit this to execute arbitrary code with root privileges on the target computer. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 27996
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27996
    title Ubuntu 6.06 LTS / 6.10 : krb5 vulnerability (USN-408-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200701-21.NASL
    description The remote host is affected by the vulnerability described in GLSA-200701-21 (MIT Kerberos 5: Arbitrary Remote Code Execution) The Kerberos administration daemon, and possibly other applications using the GSS-API or RPC libraries, could potentially call a function pointer in a freed heap buffer, or attempt to free an uninitialized pointer. Impact : A remote attacker may be able to crash an affected application, or potentially execute arbitrary code with root privileges. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 24257
    published 2007-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24257
    title GLSA-200701-21 : MIT Kerberos 5: Arbitrary Remote Code Execution
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2007-004.NASL
    description The remote host is running a version of Mac OS X 10.4 that does not have Security Update 2007-004 applied. This update fixes security flaws in the following applications : AFP Client, AirPort, CarbonCore, diskdev_cmds, fetchmail, ftpd, gnutar, Help Viewer, HID Family, Installer, Kerberos, Libinfo, Login Window, network_cmds, SMB, System Configuration, URLMount, Video Conference, WebDAV
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 25081
    published 2007-04-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25081
    title Mac OS X Multiple Vulnerabilities (Security Update 2007-004)
refmap via4
apple APPLE-SA-2007-04-19
bid 21970
bugtraq 20070109 MITKRB5-SA-2006-002: kadmind (via RPC lib) calls uninitialized function pointer
cert
  • TA07-009B
  • TA07-109A
cert-vn VU#481564
confirm
fedora
  • FEDORA-2007-033
  • FEDORA-2007-034
gentoo GLSA-200701-21
mandriva MDKSA-2007:008
openpkg OpenPKG-SA-2007.006
osvdb 31281
sectrack 1017493
secunia
  • 23667
  • 23696
  • 23701
  • 23706
  • 23707
  • 23772
  • 23903
  • 24966
suse SUSE-SA:2007:004
ubuntu USN-408-1
vupen
  • ADV-2007-0111
  • ADV-2007-1470
xf kerberos-rpc-code-execution(31422)
statements via4
contributor Mark J Cox
lastmodified 2007-03-14
organization Red Hat
statement Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 ship with versions of Kerberos 5 prior to version 1.4 and are therefore not affected by these vulnerabilities. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 07-03-2011 - 21:45
Published 31-12-2006 - 00:00
Last modified 17-10-2018 - 17:46