CVE-2006-6144 — Kerberos 5 vulnerability

5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

21.9%

top 4.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

MIT Kerberos 5

Timeline

PublishedDec 31

Latest updateMay 1

Description

The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) via unspecified vectors that cause mechglue to free uninitialized pointers.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmit/kerberos_51.5 — 1.5.1

Patches

Patch: web.mit.edu ↗Patch: web.mit.edu ↗

🔴Vulnerability Details

GHSA

GHSA-vm45-rfxq-cf44: The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1↗2022-05-01

▶

CVEList

CVE-2006-6144: The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1↗2007-01-10

▶

📋Vendor Advisories

Debian

CVE-2006-6144: krb5 - The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 t...↗2006

▶

Red Hat

CVE-2006-6144: The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1↗

▶