CVE - CVE-2006-6144

CVE-ID
CVE-2006-6144	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) via unspecified vectors that cause mechglue to free uninitialized pointers.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:21975 URL:http://www.securityfocus.com/bid/21975 BUGTRAQ:20070109 MITKRB5-SA-2006-003: kadmind (via GSS-API lib) frees uninitialized pointers URL:http://www.securityfocus.com/archive/1/456409/100/0/threaded CERT:TA07-009B URL:http://www.us-cert.gov/cas/techalerts/TA07-009B.html CERT-VN:VU#831452 URL:http://www.kb.cert.org/vuls/id/831452 CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-003-mechglue.txt CONFIRM:https://issues.rpath.com/browse/RPL-925 FEDORA:FEDORA-2007-033 URL:http://fedoranews.org/cms/node/2375 GENTOO:GLSA-200701-21 URL:http://security.gentoo.org/glsa/glsa-200701-21.xml OPENPKG:OpenPKG-SA-2007.006 URL:http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.006.html OSVDB:31280 URL:~~http://osvdb.org/31280~~ (Obsolete source) SECTRACK:1017494 URL:http://securitytracker.com/id?1017494 SECUNIA:23690 URL:http://secunia.com/advisories/23690 SECUNIA:23701 URL:http://secunia.com/advisories/23701 SECUNIA:23706 URL:http://secunia.com/advisories/23706 SECUNIA:23903 URL:http://secunia.com/advisories/23903 SECUNIA:35151 URL:http://secunia.com/advisories/35151 SUNALERT:102772 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-102772-1~~ (Obsolete source) SUNALERT:201294 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-201294-1~~ (Obsolete source) SUSE:SUSE-SA:2007:004 URL:http://lists.suse.com/archive/suse-security-announce/2007-Jan/0004.html VUPEN:ADV-2007-0111 URL:~~http://www.vupen.com/english/advisories/2007/0111~~ (Obsolete source) VUPEN:ADV-2007-0112 URL:~~http://www.vupen.com/english/advisories/2007/0112~~ (Obsolete source) XF:kerberos-gssapi-code-execution(31417) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/31417
Assigning CNA
MITRE Corporation
Date Record Created
20061128	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20061128)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)