CVE - CVE-2006-6144

CVE-ID
CVE-2006-6144	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) via unspecified vectors that cause mechglue to free uninitialized pointers.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20070109 MITKRB5-SA-2006-003: kadmind (via GSS-API lib) frees uninitialized pointers URL:http://www.securityfocus.com/archive/1/archive/1/456409/100/0/threaded CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-003-mechglue.txt CONFIRM:https://issues.rpath.com/browse/RPL-925 FEDORA:FEDORA-2007-033 URL:http://fedoranews.org/cms/node/2375 GENTOO:GLSA-200701-21 URL:http://security.gentoo.org/glsa/glsa-200701-21.xml OPENPKG:OpenPKG-SA-2007.006 URL:http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.006.html SUNALERT:102772 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102772-1 SUNALERT:201294 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-201294-1 SUSE:SUSE-SA:2007:004 URL:http://lists.suse.com/archive/suse-security-announce/2007-Jan/0004.html CERT:TA07-009B URL:http://www.us-cert.gov/cas/techalerts/TA07-009B.html CERT-VN:VU#831452 URL:http://www.kb.cert.org/vuls/id/831452 BID:21975 URL:http://www.securityfocus.com/bid/21975 SECUNIA:35151 URL:http://secunia.com/advisories/35151 VUPEN:ADV-2007-0111 URL:http://www.vupen.com/english/advisories/2007/0111 VUPEN:ADV-2007-0112 URL:http://www.vupen.com/english/advisories/2007/0112 OSVDB:31280 URL:http://osvdb.org/31280 SECTRACK:1017494 URL:http://securitytracker.com/id?1017494 SECUNIA:23690 URL:http://secunia.com/advisories/23690 SECUNIA:23701 URL:http://secunia.com/advisories/23701 SECUNIA:23706 URL:http://secunia.com/advisories/23706 SECUNIA:23903 URL:http://secunia.com/advisories/23903 XF:kerberos-gssapi-code-execution(31417) URL:http://xforce.iss.net/xforce/xfdb/31417
Date Entry Created
20061128	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20061128)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Common Vulnerabilities and Exposures

CVE-2006-6144