CVE-2006-6143 - The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administ

CVE-2006-6143

Summary

The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

References

Vulnerable Configurations

cpe:2.3:a:mit:kerberos_5:1.4:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.4:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.5.1:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 09-02-2024 - 03:26)
Impact:
Exploitability:

CWE

CWE-824

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

apple	APPLE-SA-2007-04-19
bid	21970
bugtraq	20070109 MITKRB5-SA-2006-002: kadmind (via RPC lib) calls uninitialized function pointer
cert	TA07-009B TA07-109A
cert-vn	VU#481564
confirm	http://docs.info.apple.com/article.html?artnum=305391 http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-002-rpc.txt https://issues.rpath.com/browse/RPL-925
fedora	FEDORA-2007-033 FEDORA-2007-034
gentoo	GLSA-200701-21
mandriva	MDKSA-2007:008
openpkg	OpenPKG-SA-2007.006
osvdb	31281
sectrack	1017493
secunia	23667 23696 23701 23706 23707 23772 23903 24966
suse	SUSE-SA:2007:004
ubuntu	USN-408-1
vupen	ADV-2007-0111 ADV-2007-1470
xf	kerberos-rpc-code-execution(31422)

statements via4

contributor	Mark J Cox
lastmodified	2007-03-14
organization	Red Hat
statement	Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 ship with versions of Kerberos 5 prior to version 1.4 and are therefore not affected by these vulnerabilities. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

Last major update

09-02-2024 - 03:26

Published

31-12-2006 - 05:00

Last modified

09-02-2024 - 03:26