ID CVE-2006-6144
Summary The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) via unspecified vectors that cause mechglue to free uninitialized pointers.
Vulnerable Configurations
  • cpe:2.3:a:mit:kerberos:-:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:4:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.3:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 17-10-2018 - 21:46)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 21975
bugtraq 20070109 MITKRB5-SA-2006-003: kadmind (via GSS-API lib) frees uninitialized pointers
cert TA07-009B
cert-vn VU#831452
confirm
fedora FEDORA-2007-033
gentoo GLSA-200701-21
openpkg OpenPKG-SA-2007.006
osvdb 31280
sectrack 1017494
secunia
  • 23690
  • 23701
  • 23706
  • 23903
  • 35151
sunalert
  • 102772
  • 201294
suse SUSE-SA:2007:004
vupen
  • ADV-2007-0111
  • ADV-2007-0112
xf kerberos-gssapi-code-execution(31417)
statements via4
  • contributor Vincent Danen
    lastmodified 2007-01-19
    organization Mandriva
    statement Not vulnerable. Mandriva 2007.0 and earlier ship with Kerberos 5 version 1.4.x and as a result are not vulnerable to these issues.
  • contributor Mark J Cox
    lastmodified 2007-03-14
    organization Red Hat
    statement Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 ship with versions of Kerberos 5 prior to version 1.4 and are therefore not affected by these vulnerabilities. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 17-10-2018 - 21:46
Published 31-12-2006 - 05:00
Last modified 21-01-2020 - 15:45