CERTVU:831452Kerberos administration daemon may free uninitialized pointers
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.077 Low
EPSS
Percentile
94.2%
Overview
A vulnerability exists in the Kerberos administration daemon that may allow a remote, unauthenticated user to free uninitialized pointers. Freeing uninitialized pointers corrupts memory in a way that could allow an attacker to execute code.
Description
The MIT krb 5 administration daemon contains a vulnerability that may allow an attacker to execute arbitary code. According to MIT krb5 Security Advisory 2006-003:
This vulnerability results from memory management bugs in the “mechglue” abstraction interface of the GSS-API implementation.
Note that versions krb5-1.5 through krb5-1.5.1 are affected by this vulnerability. Other server applications that utilize the GSS-API library provided with MIT krb5 may also be affected.
Impact
A remote, unauthenticated attacker may be able to execute arbitrary code resulting in the compromise of the Kerberos key database or cause a denial of service.
Solution
Apply Patch
A patch as described in MIT krb5 Security Advisory 2006-003 can be obtained from MIT. MIT also states that this will be addressed in the upcoming krb5-1.6 release and krb5-1.5.2 patch release.
Vendor Information
831452
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Fedora Project __ Affected
Notified: January 04, 2007 Updated: January 11, 2007
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Refer to Fedora Core 6 Update krb5-1.5-13.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23831452 Feedback>).
Gentoo Linux __ Affected
Notified: January 04, 2007 Updated: February 07, 2007
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Refer to glsa-200701-21.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23831452 Feedback>).
MIT Kerberos Development Team __ Affected
Notified: January 04, 2007 Updated: January 09, 2007
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Refer to MIT krb5 Security Advisory 2006-003.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23831452 Feedback>).
OpenPKG __ Affected
Updated: January 11, 2007
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Refer to OpenPKG-SA-2007.006.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23831452 Feedback>).
SUSE Linux __ Affected
Notified: January 04, 2007 Updated: January 11, 2007
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Refer to SUSE-SA:2007:004.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23831452 Feedback>).
Sun Microsystems, Inc. __ Affected
Notified: January 04, 2007 Updated: January 09, 2007
Status
Affected
Vendor Statement
Sun’s Kerberos administration daemon, kadmind(1M), is not impacted by the kadmind vulnerabilities described in CERT VU#481564 and CERT VU#831452. However it may be possible that some third-party applications which utilize GSS-API via Sun’s libgss(3LIB) are vulnerable to the issue described in CERT VU#831452. Sun will be updating the relevant GSS-API routines to address this and will document the details in Sun Alert 102772 which will be available from the following URL:
<http://sunsolve.sun.com/search/document.do?assetkey=1-26-102772-1>
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
rPath __ Affected
Updated: January 12, 2007
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Refer to RPL-925.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23831452 Feedback>).
AttachmateWRQ, Inc. Not Affected
Notified: January 04, 2007 Updated: February 07, 2007
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
CyberSafe, Inc. __ Not Affected
Notified: January 04, 2007 Updated: January 05, 2007
Status
Not Affected
Vendor Statement
All available versions of the CyberSafe TrustBroker, Challenger and ActiveTRUST products are not vulnerable to VU#481564 or VU#831452. This is because the protocols used to communicate with the CyberSafe KDC product Administration Daemon/Service are different to the protocols used by MIT products.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Force10 Networks, Inc. Not Affected
Notified: January 04, 2007 Updated: May 10, 2007
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Hitachi Not Affected
Notified: January 04, 2007 Updated: January 16, 2007
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Hyperchip Not Affected
Notified: January 04, 2007 Updated: January 16, 2007
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
IBM Corporation __ Not Affected
Notified: January 04, 2007 Updated: January 05, 2007
Status
Not Affected
Vendor Statement
Network Authentication Services for the AIX Operating System is not affected by the issues described in CERT VU#481564 and VU#831452.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Intoto __ Not Affected
Notified: January 04, 2007 Updated: January 16, 2007
Status
Not Affected
Vendor Statement
Intoto products do not use Kerberos as one of its component, so they are not vulnerable to potential exploits documented in this vulnerability note.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Juniper Networks, Inc. __ Not Affected
Notified: January 04, 2007 Updated: January 05, 2007
Status
Not Affected
Vendor Statement
Juniper Networks products are not susceptible to this vulnerability
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Microsoft Corporation Not Affected
Notified: January 04, 2007 Updated: January 05, 2007
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Network Appliance, Inc. Not Affected
Notified: January 04, 2007 Updated: January 08, 2007
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Red Hat, Inc. __ Not Affected
Notified: January 04, 2007 Updated: January 05, 2007
Status
Not Affected
Vendor Statement
Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 ship with versions of Kerberos 5 prior to version 1.4 and are therefore not affected by these vulnerabilities
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
3com, Inc. Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
AT&T Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Alcatel Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Apple Computer, Inc. Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Avaya, Inc. Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Avici Systems, Inc. Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Borderware Technologies Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Charlotte’s Web Networks Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Check Point Software Technologies Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Chiaro Networks, Inc. Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Cisco Systems, Inc. Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Clavister Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Computer Associates Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Conectiva Inc. Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Cray Inc. Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
D-Link Systems, Inc. Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Data Connection, Ltd. Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Debian GNU/Linux Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
EMC, Inc. (formerly Data General Corporation) Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Engarde Secure Linux Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Ericsson Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Extreme Networks Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
F5 Networks, Inc. Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Fortinet, Inc. Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Foundry Networks, Inc. Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
FreeBSD, Inc. Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Fujitsu Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Global Technology Associates Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Heimdal Kerberos Project Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Hewlett-Packard Company Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
IBM Corporation (zseries) Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
IBM eServer Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
IP Filter Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Immunix Communications, Inc. Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Ingrian Networks, Inc. Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Intel Corporation Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Internet Security Systems, Inc. Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
KTH Kerberos Team Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Linksys (A division of Cisco Systems) Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Lucent Technologies Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Luminous Networks Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Mandriva, Inc. Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
MontaVista Software, Inc. Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Multinet (owned Process Software Corporation) Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Multitech, Inc. Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
NEC Corporation Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
NetBSD Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
NextHop Technologies, Inc. Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Nokia Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Nortel Networks, Inc. Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Novell, Inc. Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
OpenBSD Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Openwall GNU/*/Linux Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
QNX, Software Systems, Inc. Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Redback Networks, Inc. Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Riverstone Networks, Inc. Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Secure Computing Network Security Division Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Secureworx, Inc. Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Silicon Graphics, Inc. Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Slackware Linux Inc. Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Sony Corporation Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Stonesoft Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Symantec, Inc. Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
The SCO Group Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Trustix Secure Linux Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Turbolinux Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Ubuntu Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Unisys Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Watchguard Technologies, Inc. Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Wind River Systems, Inc. Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
ZyXEL Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
eSoft, Inc. Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
netfilter Unknown
Notified: January 04, 2007 Updated: January 04, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
View all 91 vendors __View less vendors __
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- <http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-003-mechglue.txt>
- <http://web.mit.edu/kerberos/advisories/2006-003-patch.txt>
- <http://web.mit.edu/kerberos/advisories/2006-003-patch.txt.asc>
- <http://securitytracker.com/alerts/2007/Jan/1017494.html>
- <http://www.securityfocus.com/bid/21975>
- <http://secunia.com/advisories/23903/>
- <http://secunia.com/advisories/23706/>
- <http://secunia.com/advisories/23701/>
- <http://secunia.com/advisories/23690/>
- <http://secunia.com/advisories/23667/>
Acknowledgements
This issue is addressed in MIT krb5 Security Advisory 2006-003.
This document was written by Chris Taschner.
Other Information
| CVE IDs: | CVE-2006-6144 |
|---|---|
| Severity Metric: | 20.93 Date Public: |
References
secunia.com/advisories/23667/
secunia.com/advisories/23690/
secunia.com/advisories/23701/
secunia.com/advisories/23706/
secunia.com/advisories/23903/
securitytracker.com/alerts/2007/Jan/1017494.html
web.mit.edu/kerberos/advisories/2006-003-patch.txt
web.mit.edu/kerberos/advisories/2006-003-patch.txt.asc
web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-003-mechglue.txt
www.securityfocus.com/bid/21975
Related
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.077 Low
EPSS
Percentile
94.2%