CVE-2006-6143

Published Dec 31, 2006

Last updated 9 months ago

CVSS info 9.3

Overview

Description: The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-824

Hype score: Not currently trending

Vendor comments

Red HatNot vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 ship with versions of Kerberos 5 prior to version 1.4 and are therefore not affected by these vulnerabilities. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mit:kerberos_5:1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52F0EECF-7787-442B-9888-D22F7D36C3DE"
          },
          {
            "criteria": "cpe:2.3:a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF344AED-BE00-4A9B-A9DE-C6FB0BEE4617"
          },
          {
            "criteria": "cpe:2.3:a:mit:kerberos_5:1.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "567406CA-58D8-453E-B36E-6D1D2EFC8EB6"
          },
          {
            "criteria": "cpe:2.3:a:mit:kerberos_5:1.4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7830E03F-A813-4E35-893E-BF27395CEFB3"
          },
          {
            "criteria": "cpe:2.3:a:mit:kerberos_5:1.4.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7764411E-C056-4696-822E-235F2620FAC4"
          },
          {
            "criteria": "cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4DD315AE-868B-4061-BF01-CDBF59B02499"
          },
          {
            "criteria": "cpe:2.3:a:mit:kerberos_5:1.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B639DD5F-71C7-4D9B-BA5C-51CAF64140B6"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23E304C9-F780-4358-A58D-1E4C93977704"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Vendor comments

Configurations

References