CVE-2006-6143 — Access of Uninitialized Pointer in Kerberos 5

CWE-824 — Access of Uninitialized Pointer7 documents7 sources

Severity

9.3CRITICALNVD

EPSS

30.7%

top 3.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

MIT Krb5 Canonical Ubuntu Linux MIT Kerberos 5

Timeline

PublishedDec 31

Latest updateMay 1

Description

The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDmit/kerberos_57 versions+6

▶Debianmit/krb5< 1.4.4-6+3

Also affects: Ubuntu Linux 6.06, 6.10

Patches

Patch: web.mit.edu ↗Patch: www.kb.cert.org ↗Patch: www.us-cert.gov ↗

🔴Vulnerability Details

GHSA

GHSA-f6jg-x7x7-48f4: The RPC library in Kerberos 5 1↗2022-05-01

▶

CVEList

CVE-2006-6143: The RPC library in Kerberos 5 1↗2007-01-10

▶

OSV

CVE-2006-6143: The RPC library in Kerberos 5 1↗2006-12-31

▶

📋Vendor Advisories

Ubuntu

krb5 vulnerability↗2007-01-16

▶

Debian

CVE-2006-6143: krb5 - The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used ...↗2006

▶

Red Hat

CVE-2006-6143: The RPC library in Kerberos 5 1↗

▶