CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |

EPSS Percentile: 97.8%
The Kerberos administration daemon fails to properly initialize pointers. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service.
A vulnerability exists in the way the Kerberos administration daemon handles pointers that may allow a remote, unauthenticated user to execute arbitrary code. According to MIT krb5 Security Advisory 2006-002:
The Kerberos administration daemon, “kadmind”, can execute arbitrary code by calling through a function pointer located in freed memory. This vulnerability results from bugs in the server-side portion of the RPC library.
Note that krb5-1.4 through krb5-1.4.4, and krb5-1.5 through krb5-1.5.1 are affected by this vulnerability. Other server applications that utilize the RPC library provided with MIT krb5 may also be affected.
This vulnerability can be triggered by sending a specially crafted Kerberos packet to a vulnerable system.
A remote, unauthenticated user may be able to execute arbitrary code resulting in the compromise of the Kerberos key database or cause a denial of service.
Apply Patch
A patch can be obtained from MIT krb5 Security Advisory 2006-002. MIT also states that this will be addressed in the upcoming krb5-1.6 release and krb5-1.5.2 patch release.
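The affected ranges listed above can be applied to a package inventory as a triage check. This is an added example, not code from CERT or MIT; the function names, status labels and sample inventory are constructed for illustration. It assumes version strings of the form `krb5-X.Y[.Z][-release]` and treats a distribution release suffix as a reason to consult the vendor advisory, because an upstream version number alone cannot show whether the fix was backported.

```python
import re

# Affected upstream ranges as stated in the note (inclusive bounds):
# krb5-1.4 through krb5-1.4.4, and krb5-1.5 through krb5-1.5.1.
AFFECTED_RANGES = [((1, 4, 0), (1, 4, 4)), ((1, 5, 0), (1, 5, 1))]

# Assumed format: optional "krb5-" prefix, X.Y[.Z], optional "-release".
_VERSION_RE = re.compile(r"^(?:krb5-)?(\d+)\.(\d+)(?:\.(\d+))?(?:-(\S+))?$")


def parse_krb5_version(text):
    """Split 'krb5-1.4.3-5.3' into ((1, 4, 3), '5.3'); release is None if absent."""
    m = _VERSION_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised krb5 version string: {text!r}")
    major, minor, patch, release = m.groups()
    return (int(major), int(minor), int(patch or 0)), release


def classify(text):
    """Return a triage status (labels are this example's own) for one version string."""
    upstream, release = parse_krb5_version(text)
    if not any(lo <= upstream <= hi for lo, hi in AFFECTED_RANGES):
        return "outside-listed-ranges"
    if release is not None:
        # Distribution build: the upstream number is in range, but the vendor
        # may have backported the patch. Check the vendor advisory.
        return "verify-vendor-build"
    return "affected"


def triage(inventory_lines):
    """Map host -> status for lines of the form '<host> <krb5 version>'."""
    report = {}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 2:
            report[parts[0]] = "unparsed"
            continue
        host, version = parts
        try:
            report[host] = classify(version)
        except ValueError:
            report[host] = "unparsed"
    return report


# Constructed sample inventory; host names are placeholders.
SAMPLE_INVENTORY = """\
# host         installed krb5
kdc1.example   krb5-1.4.4
kdc2.example   krb5-1.5.1
kdc3.example   krb5-1.4.3-5.3
kdc4.example   krb5-1.3.6
kdc5.example   krb5-1.5.2
kdc6.example   unknown
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY.splitlines()).items():
        print(f"{host:14} {status}")
```

Hosts reported as `verify-vendor-build` need the distribution's own advisory to confirm whether the installed build carries the fix.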
481564
Notified: January 04, 2007 Updated: January 19, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Refer to dsa-1244.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23481564 Feedback>).
Notified: January 04, 2007 Updated: January 11, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Refer to Fedora Core 5 Update krb5-1.4.3-5.3 and Fedora Core 6 Update krb5-1.5-13.
Notified: January 04, 2007 Updated: February 07, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Refer to glsa-200701-21.
Notified: January 04, 2007 Updated: January 09, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Refer to MIT krb5 Security Advisory 2006-002.
Notified: January 04, 2007 Updated: January 11, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Refer to Mandriva Security Advisory MDKSA-2007:008.
Updated: January 11, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Refer to OpenPKG-SA-2007.006.
Notified: January 04, 2007 Updated: January 11, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Refer to SUSE-SA:2007:004.
Notified: January 04, 2007 Updated: January 19, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Refer to SSA:2006-357-05.
Notified: January 04, 2007 Updated: January 19, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Refer to Trustix Secure Linux Security Advisory #2007-0003.
Notified: January 04, 2007 Updated: January 16, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Refer to Ubuntu Security Notice USN-408-1.
Updated: January 12, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Refer to RPL-925.
Notified: January 04, 2007 Updated: February 07, 2007
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 04, 2007 Updated: January 05, 2007
Not Affected
All available versions of the CyberSafe TrustBroker, Challenger and ActiveTRUST products are not vulnerable to VU#481564 or VU#831452. This is because the protocols used to communicate with the CyberSafe KDC product Administration Daemon/Service are different to the protocols used by MIT products.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 04, 2007 Updated: May 10, 2007
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 04, 2007 Updated: January 16, 2007
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 04, 2007 Updated: January 16, 2007
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 04, 2007 Updated: January 05, 2007
Not Affected
Network Authentication Services for the AIX Operating System is not affected by the issues described in CERT VU#481564 and VU#831452.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 04, 2007 Updated: January 16, 2007
Not Affected
Intoto products do not use Kerberos as one of their components, so they are not vulnerable to potential exploits documented in this vulnerability note.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 04, 2007 Updated: January 05, 2007
Not Affected
Juniper Networks products are not susceptible to this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 04, 2007 Updated: January 05, 2007
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 04, 2007 Updated: January 08, 2007
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 04, 2007 Updated: January 05, 2007
Not Affected
Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 ship with versions of Kerberos 5 prior to version 1.4 and are therefore not affected by these vulnerabilities.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 04, 2007 Updated: January 09, 2007
Not Affected
Sun’s Kerberos administration daemon, kadmind(1M), is not impacted by the kadmind vulnerabilities described in CERT VU#481564 and CERT VU#831452. However it may be possible that some third-party applications which utilize GSS-API via Sun’s libgss(3LIB) are vulnerable to the issue described in CERT VU#831452. Sun will be updating the relevant GSS-API routines to address this and will document the details in Sun Alert 102772 which will be available from the following URL:
<http://sunsolve.sun.com/search/document.do?assetkey=1-26-102772-1>
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 04, 2007 Updated: January 04, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
This issue is addressed in MIT krb5 Security Advisory 2006-002. MIT credits Andrew Korty from Indiana University for reporting this issue.
This document was written by Chris Taschner.
CVE IDs: | CVE-2006-6143 |
---|---|
Severity Metric: | 20.93 |
Date Public: | |
docs.info.apple.com/article.html?artnum=305391
secunia.com/advisories/23667/
secunia.com/advisories/23696/
secunia.com/advisories/23701/
secunia.com/advisories/23706/
secunia.com/advisories/23707/
secunia.com/advisories/23772/
secunia.com/advisories/23903/
secunia.com/advisories/24966/
securitytracker.com/alerts/2007/Jan/1017493.html
web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-002-rpc.txt
www.securityfocus.com/bid/21970