ID CVE-2006-6144
Summary The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) via unspecified vectors that cause mechglue to free uninitialized pointers.
References
Vulnerable Configurations
  • cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.5.1:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 02-02-2021 - 18:13)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: NONE
  Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 21975
bugtraq 20070109 MITKRB5-SA-2006-003: kadmind (via GSS-API lib) frees uninitialized pointers
cert TA07-009B
cert-vn VU#831452
confirm
fedora FEDORA-2007-033
gentoo GLSA-200701-21
openpkg OpenPKG-SA-2007.006
osvdb 31280
sectrack 1017494
secunia
  • 23690
  • 23701
  • 23706
  • 23903
  • 35151
sunalert
  • 102772
  • 201294
suse SUSE-SA:2007:004
vupen
  • ADV-2007-0111
  • ADV-2007-0112
xf kerberos-gssapi-code-execution(31417)
statements via4
  • contributor Vincent Danen
    lastmodified 2007-01-19
    organization Mandriva
    statement Not vulnerable. Mandriva 2007.0 and earlier ship with Kerberos 5 version 1.4.x and as a result are not vulnerable to these issues.
  • contributor Mark J Cox
    lastmodified 2007-03-14
    organization Red Hat
    statement Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 ship with versions of Kerberos 5 prior to version 1.4 and are therefore not affected by these vulnerabilities. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 02-02-2021 - 18:13
Published 31-12-2006 - 05:00
Last modified 02-02-2021 - 18:13