CVE-2006-6143
CVE-2006-6143 is a vulnerability of currently unknown severity. The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. EPSS estimates a 7.93% chance of exploitation in the next 30 days.
Description
The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| MIT | Kerberos 5 | 1.4 |
| MIT | Kerberos 5 | 1.4.1 |
| MIT | Kerberos 5 | 1.4.2 |
| MIT | Kerberos 5 | 1.4.3 |
| MIT | Kerberos 5 | 1.4.4 |
| MIT | Kerberos 5 | 1.5 |
| MIT | Kerberos 5 | 1.5.1 |
| Canonical | Ubuntu Linux | 6.06 |
| Canonical | Ubuntu Linux | 6.10 |
References
- http://fedoranews.org/cms/node/2375 (Broken Link)
- http://fedoranews.org/cms/node/2376 (Broken Link)
- http://osvdb.org/31281 (Broken Link)
- http://secunia.com/advisories/23667 (Broken Link)
- http://secunia.com/advisories/23696 (Broken Link)
- http://secunia.com/advisories/23701 (Broken Link)
- http://secunia.com/advisories/23706 (Broken Link)
- http://secunia.com/advisories/23707 (Broken Link)
- http://secunia.com/advisories/23772 (Broken Link)
- http://secunia.com/advisories/23903 (Broken Link)
- http://secunia.com/advisories/24966 (Broken Link)
- http://security.gentoo.org/glsa/glsa-200701-21.xml (Third Party Advisory)
- http://securitytracker.com/id?1017493 (Broken Link, Third Party Advisory, VDB Entry)
- http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-002-rpc.txt (Patch, Vendor Advisory)
- http://www.kb.cert.org/vuls/id/481564 (Patch, Third Party Advisory, US Government Resource)
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:008 (Third Party Advisory)
- http://www.securityfocus.com/archive/1/456406/100/0/threaded (Broken Link, Third Party Advisory, VDB Entry)
- http://www.securityfocus.com/bid/21970 (Broken Link, Third Party Advisory, VDB Entry)
- http://www.ubuntu.com/usn/usn-408-1 (Third Party Advisory)
- http://www.us-cert.gov/cas/techalerts/TA07-009B.html (Broken Link, Patch, Third Party Advisory, US Government Resource)
- http://www.us-cert.gov/cas/techalerts/TA07-109A.html (Broken Link, Third Party Advisory, US Government Resource)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31422 (Third Party Advisory, VDB Entry)
- https://issues.rpath.com/browse/RPL-925 (Broken Link)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
