9.3

CVE-2006-6143

EPSS 28.98%
Published 31.12.2006 05:00:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

Affected products Warnungen 0 Metrics 2 CWE 1 References 32

Data is provided by the National Vulnerability Database (NVD)

Mit ≫ Kerberos 5 Version1.4

Mit ≫ Kerberos 5 Version1.4.1

Mit ≫ Kerberos 5 Version1.4.2

Mit ≫ Kerberos 5 Version1.4.3

Mit ≫ Kerberos 5 Version1.4.4

Mit ≫ Kerberos 5 Version1.5

Mit ≫ Kerberos 5 Version1.5.1

Canonical ≫ Ubuntu Linux Version6.06

Canonical ≫ Ubuntu Linux Version6.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	28.98%	0.964

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-824 Access of Uninitialized Pointer

The product accesses or uses a pointer that has not been initialized.

http://docs.info.apple.com/article.html?artnum=305391

Broken Link

http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html

Mailing List

http://secunia.com/advisories/24966

Broken Link

http://www.us-cert.gov/cas/techalerts/TA07-109A.html

Third Party Advisory

US Government Resource

Broken Link

http://www.vupen.com/english/advisories/2007/1470

Broken Link

http://fedoranews.org/cms/node/2376

Broken Link

http://secunia.com/advisories/23707

Broken Link

http://fedoranews.org/cms/node/2375

Broken Link

http://lists.suse.com/archive/suse-security-announce/2007-Jan/0004.html

Broken Link

http://osvdb.org/31281

Broken Link

http://secunia.com/advisories/23667

Broken Link

http://secunia.com/advisories/23696

Broken Link

http://secunia.com/advisories/23701

Broken Link

http://secunia.com/advisories/23706

Broken Link

http://secunia.com/advisories/23772

Broken Link

http://secunia.com/advisories/23903

Broken Link

http://security.gentoo.org/glsa/glsa-200701-21.xml

Third Party Advisory

http://securitytracker.com/id?1017493

Third Party Advisory

Broken Link

VDB Entry

http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-002-rpc.txt

Patch

Vendor Advisory

http://www.kb.cert.org/vuls/id/481564

Patch

Third Party Advisory

US Government Resource

http://www.mandriva.com/security/advisories?name=MDKSA-2007:008

Third Party Advisory

http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.006.html

Broken Link

http://www.securityfocus.com/archive/1/456406/100/0/threaded

Third Party Advisory

Broken Link

VDB Entry

http://www.securityfocus.com/bid/21970

Third Party Advisory

Broken Link

VDB Entry

http://www.ubuntu.com/usn/usn-408-1

Third Party Advisory

http://www.us-cert.gov/cas/techalerts/TA07-009B.html

Patch

Third Party Advisory

US Government Resource

Broken Link

http://www.vupen.com/english/advisories/2007/0111

Broken Link

https://exchange.xforce.ibmcloud.com/vulnerabilities/31422

Third Party Advisory

VDB Entry

https://issues.rpath.com/browse/RPL-925

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2006-6143

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-6143

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-6143

EUVD