Vulnerability Description
The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| MIT | Kerberos 5 | 1.4 |
| Canonical | Ubuntu Linux | 6.06 |
Related Weaknesses (CWE)
References
- http://docs.info.apple.com/article.html?artnum=305391 (Broken Link)
- http://fedoranews.org/cms/node/2375 (Broken Link)
- http://fedoranews.org/cms/node/2376 (Broken Link)
- http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html (Mailing List)
- http://lists.suse.com/archive/suse-security-announce/2007-Jan/0004.html (Broken Link)
- http://osvdb.org/31281 (Broken Link)
- http://secunia.com/advisories/23667 (Broken Link)
- http://secunia.com/advisories/23696 (Broken Link)
- http://secunia.com/advisories/23701 (Broken Link)
- http://secunia.com/advisories/23706 (Broken Link)
- http://secunia.com/advisories/23707 (Broken Link)
- http://secunia.com/advisories/23772 (Broken Link)
- http://secunia.com/advisories/23903 (Broken Link)
- http://secunia.com/advisories/24966 (Broken Link)
- http://security.gentoo.org/glsa/glsa-200701-21.xml (Third Party Advisory)
FAQ
What is CVE-2006-6143?
CVE-2006-6143 is a vulnerability with a CVSS score of 9.3 (HIGH). The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function po...
How severe is CVE-2006-6143?
CVE-2006-6143 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-6143?
Check the references section above for vendor advisories and patch information. Affected products include: MIT Kerberos 5, Canonical Ubuntu Linux.