CVE-2006-6143
MIT Kerberos 5 1.4-1.4.4 1.5-1.5.1 - Use-After-Free in RPC Library
Title source: llmDescription
The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
References (29)
Core 29
Core References
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1017493
Broken Link vendor-advisory
x_refsource_fedora
http://fedoranews.org/cms/node/2376
Broken Link vdb-entry
x_refsource_osvdb
http://osvdb.org/31281
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24966
Patch, Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/481564
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-408-1
Broken Link, Patch, Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA07-009B.html
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/23696
Broken Link vendor-advisory
x_refsource_suse
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0004.html
Broken Link x_refsource_confirm
http://docs.info.apple.com/article.html?artnum=305391
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/23706
Third Party Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:008
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/23903
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/21970
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/23667
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200701-21.xml
Patch, Vendor Advisory x_refsource_confirm
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-002-rpc.txt
Broken Link vendor-advisory
x_refsource_openpkg
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.006.html
Broken Link vendor-advisory
x_refsource_fedora
http://fedoranews.org/cms/node/2375
Broken Link, Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA07-109A.html
Broken Link x_refsource_confirm
https://issues.rpath.com/browse/RPL-925
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/23707
Broken Link vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0111
Broken Link, Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/456406/100/0/threaded
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/23772
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/23701
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html
Broken Link vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1470
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/31422
Scores
EPSS
0.0793
EPSS Percentile
94.0%
Details
CWE
CWE-824
Status
published
Products (9)
canonical/ubuntu_linux
6.06
canonical/ubuntu_linux
6.10
mit/kerberos_5
1.4
mit/kerberos_5
1.4.1
mit/kerberos_5
1.4.2
mit/kerberos_5
1.4.3
mit/kerberos_5
1.4.4
mit/kerberos_5
1.5
mit/kerberos_5
1.5.1
Published
Dec 31, 2006
Tracked Since
Feb 18, 2026