| ID |
CVE-2006-6144
|
| Summary |
The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) via unspecified vectors that cause mechglue to free uninitialized pointers. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 5.0 (as of 02-02-2021 - 18:13) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-noinfo |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| NONE |
NONE |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
| refmap
via4
|
| bid | 21975 | | bugtraq | 20070109 MITKRB5-SA-2006-003: kadmind (via GSS-API lib) frees uninitialized pointers | | cert | TA07-009B | | cert-vn | VU#831452 | | confirm | | | fedora | FEDORA-2007-033 | | gentoo | GLSA-200701-21 | | openpkg | OpenPKG-SA-2007.006 | | osvdb | 31280 | | sectrack | 1017494 | | secunia | - 23690
- 23701
- 23706
- 23903
- 35151
| | sunalert | | | suse | SUSE-SA:2007:004 | | vupen | - ADV-2007-0111
- ADV-2007-0112
| | xf | kerberos-gssapi-code-execution(31417) |
|
| statements
via4
|
| contributor | Vincent Danen | | lastmodified | 2007-01-19 | | organization | Mandriva | | statement | Not vulnerable. Mandriva 2007.0 and earlier ship with Kerberos 5 version 1.4.x and as a result are not vulnerable to these issues.
|
| contributor | Mark J Cox | | lastmodified | 2007-03-14 | | organization | Red Hat | | statement | Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 ship with versions of Kerberos 5 prior to version 1.4 and are therefore not affected by these vulnerabilities.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |
|
| Last major update |
02-02-2021 - 18:13 |
| Published |
31-12-2006 - 05:00 |
| Last modified |
02-02-2021 - 18:13 |
