CVE-2006-6143 - Access of Uninitialized Pointer vulnerability in multiple products

CVSS: 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN

Summary

The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in the Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2007-034.NASL
    description: This update incorporates a fix for a recently-announced bug found in the kadmind daemon. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24190
    published: 2007-01-17
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24190
    title: Fedora Core 5 : krb5-1.4.3-5.3 (2007-034)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_SECUPD2007-004.NASL
    description: The remote host is running a version of Mac OS X 10.4 that does not have Security Update 2007-004 applied. This update fixes security flaws in the following applications: AFP Client, AirPort, CarbonCore, diskdev_cmds, fetchmail, ftpd, gnutar, Help Viewer, HID Family, Installer, Kerberos, Libinfo, Login Window, network_cmds, SMB, System Configuration, URLMount, Video Conference, WebDAV
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25081
    published: 2007-04-21
    reporter: This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/25081
    title: Mac OS X Multiple Vulnerabilities (Security Update 2007-004)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-408-1.NASL
    description: The server-side portion of Kerberos
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27996
    published: 2007-11-10
    reporter: Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/27996
    title: Ubuntu 6.06 LTS / 6.10 : krb5 vulnerability (USN-408-1)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2007-008.NASL
    description: A vulnerability in the RPC library in Kerberos 1.4.x and 1.5.x as used in the kadmind administration daemon calls an uninitialized function pointer in freed memory, which could allow a remote attacker to cause a Denial of Service and possibly execute arbitrary code via unspecified vectors. Updated packages are patched to address this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24624
    published: 2007-02-18
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24624
    title: Mandrake Linux Security Advisory : krb5 (MDKSA-2007:008)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_KRB5-2442.NASL
    description: Bugs in the handling of pointers to uninitialized resp. already freed memory could potentially be abused by attackers to execute code (CVE-2006-6144, CVE-2006-6143).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27307
    published: 2007-10-17
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/27307
    title: openSUSE 10 Security Update : krb5 (krb5-2442)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200701-21.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200701-21 (MIT Kerberos 5: Arbitrary Remote Code Execution). The Kerberos administration daemon, and possibly other applications using the GSS-API or RPC libraries, could potentially call a function pointer in a freed heap buffer, or attempt to free an uninitialized pointer. Impact: A remote attacker may be able to crash an affected application, or potentially execute arbitrary code with root privileges. Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24257
    published: 2007-01-26
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24257
    title: GLSA-200701-21 : MIT Kerberos 5: Arbitrary Remote Code Execution
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SA_2007_004.NASL
    description: The remote host is missing the patch for the advisory SUSE-SA:2007:004 (krb5). Various bugs in the Kerberos5 libraries and tools were fixed which could be used by remote attackers to crash and potentially execute code in kadmind. - CVE-2006-6144 / MITKRB5-SA-2006-002: the RPC library could call an uninitialized function pointer, which created a security vulnerability for kadmind. - CVE-2006-6143 / MITKRB5-SA-2006-003: the GSS-API mechglue layer could fail to initialize some output pointers, causing callers to attempt to free uninitialized pointers. This caused a security vulnerability in kadmind.
    last seen: 2019-10-28
    modified: 2007-02-18
    plugin id: 24458
    published: 2007-02-18
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24458
    title: SUSE-SA:2007:004: krb5
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_KRB5-2440.NASL
    description: Bugs in the handling of pointers to uninitialized resp. already freed memory could potentially be abused by attackers to execute code. (CVE-2006-6144 / CVE-2006-6143)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 29491
    published: 2007-12-13
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/29491
    title: SuSE 10 Security Update : Kerberos5 (ZYPP Patch Number 2440)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2007-033.NASL
    description: This update incorporates fixes for recently-announced bugs found in the kadmind daemon. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24189
    published: 2007-01-17
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24189
    title: Fedora Core 6 : krb5-1.5-13 (2007-033)

Statements

contributor: Mark J Cox
lastmodified: 2007-03-14
organization: Red Hat
statement: Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 ship with versions of Kerberos 5 prior to version 1.4 and are therefore not affected by these vulnerabilities. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.