CVE-2006-6143

2006-12-3105:00:00

CWE-824

[email protected]

web.nvd.nist.gov

rpc

kerberos 5

remote code execution

security vulnerability

nvd

cve-2006-6143

7.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.609 Medium

EPSS

Percentile

97.8%

JSON

The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

CPENameOperatorVersion
mit:kerberos_5mit kerberos 5eq1.4
mit:kerberos_5mit kerberos 5eq1.4.1
mit:kerberos_5mit kerberos 5eq1.4.2
mit:kerberos_5mit kerberos 5eq1.4.3
mit:kerberos_5mit kerberos 5eq1.4.4
mit:kerberos_5mit kerberos 5eq1.5
mit:kerberos_5mit kerberos 5eq1.5.1
canonical:ubuntu_linuxcanonical ubuntu linuxeq6.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq6.06

CPE	Name	Operator	Version
mit:kerberos_5	mit kerberos 5	eq	1.4
mit:kerberos_5	mit kerberos 5	eq	1.4.1
mit:kerberos_5	mit kerberos 5	eq	1.4.2
mit:kerberos_5	mit kerberos 5	eq	1.4.3
mit:kerberos_5	mit kerberos 5	eq	1.4.4
mit:kerberos_5	mit kerberos 5	eq	1.5
mit:kerberos_5	mit kerberos 5	eq	1.5.1
canonical:ubuntu_linux	canonical ubuntu linux	eq	6.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	6.06