CVE-2006-6144
Published 2006-12-31
Priority: P422 medium
CVSS 2.0: 5, vector AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 5.22% (91.5th percentile)
The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) via unspecified vectors that cause mechglue to free uninitialized pointers.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | — | — |
| mit | kerberos_5 | 1.5 – 1.5.1 | — |
CVSS provenance
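| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| vendor_debian | — | 5.0 | LOW | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |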
Debian
vendor_debian·2006·CVSS 5.0
CVE-2006-6144 [MEDIUM] CVE-2006-6144: krb5 - The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 t...
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
Red Hat
vendor_redhat·CVSS 5.0
CVE-2006-6144 [MEDIUM] CVE-2006-6144: The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1
Statement: Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 ship with versions of Kerberos 5 prior to version 1.4 and are therefore not affected by these vulnerabilities.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
GHSA
ghsa_unreviewed·2022-05-01
CVE-2006-6144 [MEDIUM] GHSA-vm45-rfxq-cf44: The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
http://fedoranews.org/cms/node/2375
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0004.html
http://osvdb.org/31280
http://secunia.com/advisories/23690
http://secunia.com/advisories/23701
http://secunia.com/advisories/23706
http://secunia.com/advisories/23903
http://secunia.com/advisories/35151
http://security.gentoo.org/glsa/glsa-200701-21.xml
http://securitytracker.com/id?1017494
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102772-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-201294-1
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-003-mechglue.txt
http://www.kb.cert.org/vuls/id/831452
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.006.html
http://www.securityfocus.com/archive/1/456409/100/0/threaded
http://www.securityfocus.com/bid/21975
http://www.us-cert.gov/cas/techalerts/TA07-009B.html
http://www.vupen.com/english/advisories/2007/0111
http://www.vupen.com/english/advisories/2007/0112
https://exchange.xforce.ibmcloud.com/vulnerabilities/31417
https://issues.rpath.com/browse/RPL-925