ID CVE-2006-6144
Summary The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) via unspecified vectors that cause mechglue to free uninitialized pointers.
References
Vulnerable Configurations
  • MIT Kerberos 5 1.5
    cpe:2.3:a:mit:kerberos:5-1.5
  • MIT Kerberos 5 1.5.1
    cpe:2.3:a:mit:kerberos:5-1.5.1
CVSS
Base: 5.0 (as of 10-01-2007 - 10:12)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_141719.NASL
    description SunOS 5.10: libgss.so.1 patch. Date this patch was last updated by Sun : Jun/03/09
    last seen 2018-09-01
    modified 2018-08-13
    plugin id 39308
    published 2009-06-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39308
    title Solaris 10 (sparc) : 141719-01
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_X86_115168.NASL
    description SunOS 5.9_x86: krb5, gss patch. Date this patch was last updated by Sun : Sep/14/10
    last seen 2018-09-01
    modified 2016-12-09
    plugin id 13620
    published 2004-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13620
    title Solaris 9 (x86) : 115168-24
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_112908.NASL
    description SunOS 5.9: krb5, gss patch. Date this patch was last updated by Sun : Sep/14/10
    last seen 2018-09-01
    modified 2016-12-09
    plugin id 13520
    published 2004-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13520
    title Solaris 9 (sparc) : 112908-38
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_141720.NASL
    description SunOS 5.10_x86: libgss.so.1 patch. Date this patch was last updated by Sun : Jun/03/09
    last seen 2018-09-01
    modified 2018-08-13
    plugin id 39310
    published 2009-06-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39310
    title Solaris 10 (x86) : 141720-01
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_141719-01.NASL
    description SunOS 5.10: libgss.so.1 patch. Date this patch was last updated by Sun : Jun/03/09
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 107529
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107529
    title Solaris 10 (sparc) : 141719-01
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_141720-01.NASL
    description SunOS 5.10_x86: libgss.so.1 patch. Date this patch was last updated by Sun : Jun/03/09
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 108028
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108028
    title Solaris 10 (x86) : 141720-01
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KRB5-2440.NASL
    description Bugs in the handling of pointers to uninitializes resp. already freed memory could potentially be abused by attackers to execute code. (CVE-2006-6144 / CVE-2006-6143)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29491
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29491
    title SuSE 10 Security Update : Kerberos5 (ZYPP Patch Number 2440)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-033.NASL
    description This update incorporates fixes for recently-announced bugs found in the kadmind daemon. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 24189
    published 2007-01-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24189
    title Fedora Core 6 : krb5-1.5-13 (2007-033)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KRB5-2442.NASL
    description Bugs in the handling of pointers to uninitializes resp. already freed memory could potentially be abused by attackers to execute code (CVE-2006-6144, CVE-2006-6143).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27307
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27307
    title openSUSE 10 Security Update : krb5 (krb5-2442)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200701-21.NASL
    description The remote host is affected by the vulnerability described in GLSA-200701-21 (MIT Kerberos 5: Arbitrary Remote Code Execution) The Kerberos administration daemon, and possibly other applications using the GSS-API or RPC libraries, could potentially call a function pointer in a freed heap buffer, or attempt to free an uninitialized pointer. Impact : A remote attacker may be able to crash an affected application, or potentially execute arbitrary code with root privileges. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 24257
    published 2007-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24257
    title GLSA-200701-21 : MIT Kerberos 5: Arbitrary Remote Code Execution
refmap via4
bid 21975
bugtraq 20070109 MITKRB5-SA-2006-003: kadmind (via GSS-API lib) frees uninitialized pointers
cert TA07-009B
cert-vn VU#831452
confirm
fedora FEDORA-2007-033
gentoo GLSA-200701-21
openpkg OpenPKG-SA-2007.006
osvdb 31280
sectrack 1017494
secunia
  • 23690
  • 23701
  • 23706
  • 23903
  • 35151
sunalert
  • 102772
  • 201294
suse SUSE-SA:2007:004
vupen
  • ADV-2007-0111
  • ADV-2007-0112
xf kerberos-gssapi-code-execution(31417)
statements via4
  • contributor Vincent Danen
    lastmodified 2007-01-19
    organization Mandriva
    statement Not vulnerable. Mandriva 2007.0 and earlier ship with Kerberos 5 version 1.4.x and as a result are not vulnerable to these issues.
  • contributor Mark J Cox
    lastmodified 2007-03-14
    organization Red Hat
    statement Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 ship with versions of Kerberos 5 prior to version 1.4 and are therefore not affected by these vulnerabilities. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 07-03-2011 - 21:45
Published 31-12-2006 - 00:00
Last modified 17-10-2018 - 17:46
Back to Top