CVE - CVE-2006-6143

CVE-ID
CVE-2006-6143	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2007-04-19 URL:http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html BID:21970 URL:http://www.securityfocus.com/bid/21970 BUGTRAQ:20070109 MITKRB5-SA-2006-002: kadmind (via RPC lib) calls uninitialized function pointer URL:http://www.securityfocus.com/archive/1/456406/100/0/threaded CERT:TA07-009B URL:http://www.us-cert.gov/cas/techalerts/TA07-009B.html CERT:TA07-109A URL:http://www.us-cert.gov/cas/techalerts/TA07-109A.html CERT-VN:VU#481564 URL:http://www.kb.cert.org/vuls/id/481564 CONFIRM:http://docs.info.apple.com/article.html?artnum=305391 CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-002-rpc.txt CONFIRM:https://issues.rpath.com/browse/RPL-925 FEDORA:FEDORA-2007-033 URL:http://fedoranews.org/cms/node/2375 FEDORA:FEDORA-2007-034 URL:http://fedoranews.org/cms/node/2376 GENTOO:GLSA-200701-21 URL:http://security.gentoo.org/glsa/glsa-200701-21.xml MANDRIVA:MDKSA-2007:008 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:008 OPENPKG:OpenPKG-SA-2007.006 URL:http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.006.html OSVDB:31281 URL:http://osvdb.org/31281 SECTRACK:1017493 URL:http://securitytracker.com/id?1017493 SECUNIA:23667 URL:http://secunia.com/advisories/23667 SECUNIA:23696 URL:http://secunia.com/advisories/23696 SECUNIA:23701 URL:http://secunia.com/advisories/23701 SECUNIA:23706 URL:http://secunia.com/advisories/23706 SECUNIA:23707 URL:http://secunia.com/advisories/23707 SECUNIA:23772 URL:http://secunia.com/advisories/23772 SECUNIA:23903 URL:http://secunia.com/advisories/23903 SECUNIA:24966 URL:http://secunia.com/advisories/24966 SUSE:SUSE-SA:2007:004 URL:http://lists.suse.com/archive/suse-security-announce/2007-Jan/0004.html UBUNTU:USN-408-1 URL:http://www.ubuntu.com/usn/usn-408-1 VUPEN:ADV-2007-0111 URL:http://www.vupen.com/english/advisories/2007/0111 VUPEN:ADV-2007-1470 URL:http://www.vupen.com/english/advisories/2007/1470 XF:kerberos-rpc-code-execution(31422) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/31422
Assigning CNA
MITRE Corporation
Date Record Created
20061128	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20061128)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)