CVE-2006-6143 - Access of Uninitialized Pointer vulnerability in multiple products
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 7 |
OS | | 2 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2007-034.NASL |
description | This update incorporates a fix for a recently-announced bug found in the kadmind daemon. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24190 |
published | 2007-01-17 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24190 |
title | Fedora Core 5 : krb5-1.4.3-5.3 (2007-034) |

NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_SECUPD2007-004.NASL |
description | The remote host is running a version of Mac OS X 10.4 that does not have Security Update 2007-004 applied. This update fixes security flaws in the following applications : AFP Client, AirPort, CarbonCore, diskdev_cmds, fetchmail, ftpd, gnutar, Help Viewer, HID Family, Installer, Kerberos, Libinfo, Login Window, network_cmds, SMB, System Configuration, URLMount, Video Conference, WebDAV |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 25081 |
published | 2007-04-21 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/25081 |
title | Mac OS X Multiple Vulnerabilities (Security Update 2007-004) |

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-408-1.NASL |
description | The server-side portion of Kerberos |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 27996 |
published | 2007-11-10 |
reporter | Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/27996 |
title | Ubuntu 6.06 LTS / 6.10 : krb5 vulnerability (USN-408-1) |

NASL family | Mandriva Local Security Checks |
NASL id | MANDRAKE_MDKSA-2007-008.NASL |
description | A vulnerability in the RPC library in Kerberos 1.4.x and 1.5.x as used in the kadmind administration daemon calls an uninitialized function pointer in freed memory, which could allow a remote attacker to cause a Denial of Service and possibly execute arbitrary code via unspecified vectors. Updated packages are patched to address this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24624 |
published | 2007-02-18 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24624 |
title | Mandrake Linux Security Advisory : krb5 (MDKSA-2007:008) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_KRB5-2442.NASL |
description | Bugs in the handling of pointers to uninitialized resp. already freed memory could potentially be abused by attackers to execute code (CVE-2006-6144, CVE-2006-6143). |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 27307 |
published | 2007-10-17 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/27307 |
title | openSUSE 10 Security Update : krb5 (krb5-2442) |

NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200701-21.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200701-21 (MIT Kerberos 5: Arbitrary Remote Code Execution) The Kerberos administration daemon, and possibly other applications using the GSS-API or RPC libraries, could potentially call a function pointer in a freed heap buffer, or attempt to free an uninitialized pointer. Impact : A remote attacker may be able to crash an affected application, or potentially execute arbitrary code with root privileges. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24257 |
published | 2007-01-26 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24257 |
title | GLSA-200701-21 : MIT Kerberos 5: Arbitrary Remote Code Execution |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_SA_2007_004.NASL |
description | The remote host is missing the patch for the advisory SUSE-SA:2007:004 (krb5). Various bugs in the Kerberos5 libraries and tools were fixed which could be used by remote attackers to crash and potentially execute code in kadmind. - CVE-2006-6144 / MITKRB5-SA-2006-002: the RPC library could call an uninitialized function pointer, which created a security vulnerability for kadmind. - CVE-2006-6143 / MITKRB5-SA-2006-003: the GSS-API mechglue layer could fail to initialize some output pointers, causing callers to attempt to free uninitialized pointers. This caused a security vulnerability in kadmind. |
last seen | 2019-10-28 |
modified | 2007-02-18 |
plugin id | 24458 |
published | 2007-02-18 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24458 |
title | SUSE-SA:2007:004: krb5 |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_KRB5-2440.NASL |
description | Bugs in the handling of pointers to uninitialized resp. already freed memory could potentially be abused by attackers to execute code. (CVE-2006-6144 / CVE-2006-6143) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 29491 |
published | 2007-12-13 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/29491 |
title | SuSE 10 Security Update : Kerberos5 (ZYPP Patch Number 2440) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2007-033.NASL |
description | This update incorporates fixes for recently-announced bugs found in the kadmind daemon. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24189 |
published | 2007-01-17 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24189 |
title | Fedora Core 6 : krb5-1.5-13 (2007-033) |
Statements
contributor | Mark J Cox |
lastmodified | 2007-03-14 |
organization | Red Hat |
statement | Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 ship with versions of Kerberos 5 prior to version 1.4 and are therefore not affected by these vulnerabilities. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |
References
- http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-002-rpc.txt
- http://www.us-cert.gov/cas/techalerts/TA07-009B.html
- http://www.kb.cert.org/vuls/id/481564
- http://fedoranews.org/cms/node/2375
- http://fedoranews.org/cms/node/2376
- http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.006.html
- http://lists.suse.com/archive/suse-security-announce/2007-Jan/0004.html
- http://www.securityfocus.com/bid/21970
- http://secunia.com/advisories/23696
- http://secunia.com/advisories/23701
- http://secunia.com/advisories/23706
- http://secunia.com/advisories/23707
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:008
- http://securitytracker.com/id?1017493
- http://secunia.com/advisories/23667
- http://www.ubuntu.com/usn/usn-408-1
- http://secunia.com/advisories/23772
- https://issues.rpath.com/browse/RPL-925
- http://security.gentoo.org/glsa/glsa-200701-21.xml
- http://secunia.com/advisories/23903
- http://docs.info.apple.com/article.html?artnum=305391
- http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html
- http://secunia.com/advisories/24966
- http://www.us-cert.gov/cas/techalerts/TA07-109A.html
- http://osvdb.org/31281
- http://www.vupen.com/english/advisories/2007/1470
- http://www.vupen.com/english/advisories/2007/0111
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31422
- http://www.securityfocus.com/archive/1/456406/100/0/threaded