CVE-2006-6144 - OpenCVE

The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) via unspecified vectors that cause mechglue to free uninitialized pointers.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mit	Kerberos 5

Configuration 1 [-]

cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://fedoranews.org/cms/node/2375
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0004.html
http://osvdb.org/31280
http://secunia.com/advisories/23690
http://secunia.com/advisories/23701
http://secunia.com/advisories/23706
http://secunia.com/advisories/23903
http://secunia.com/advisories/35151
http://security.gentoo.org/glsa/glsa-200701-21.xml
http://securitytracker.com/id?1017494
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102772-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-201294-1
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-003-mechglue.txt
http://www.kb.cert.org/vuls/id/831452
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.006.html
http://www.securityfocus.com/archive/1/456409/100/0/threaded
http://www.securityfocus.com/bid/21975
http://www.us-cert.gov/cas/techalerts/TA07-009B.html
http://www.vupen.com/english/advisories/2007/0111
http://www.vupen.com/english/advisories/2007/0112
https://exchange.xforce.ibmcloud.com/vulnerabilities/31417
https://issues.rpath.com/browse/RPL-925

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-01-10T00:00:00

Updated: 2024-08-07T20:19:33.965Z

Reserved: 2006-11-28T00:00:00

Link: CVE-2006-6144

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2006-12-31T05:00:00.000

Modified: 2021-02-02T18:13:12.027

Link: CVE-2006-6144

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-01-09T00:00:00", "descriptions": [{"lang": "en", "value": "The \"mechglue\" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) via unspecified vectors that cause mechglue to free uninitialized pointers."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "kerberos-gssapi-code-execution(31417)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31417"}, {"name": "102772", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102772-1"}, {"name": "201294", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201294-1"}, {"name": "TA07-009B", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-009B.html"}, {"name": "23690", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23690"}, {"name": "SUSE-SA:2007:004", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0004.html"}, {"name": "1017494", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017494"}, {"name": "23706", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23706"}, {"name": "20070109 MITKRB5-SA-2006-003: kadmind (via GSS-API lib) frees uninitialized pointers", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/456409/100/0/threaded"}, {"name": "23903", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23903"}, {"name": "GLSA-200701-21", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200701-21.xml"}, {"name": "OpenPKG-SA-2007.006", "tags": ["vendor-advisory", "x_refsource_OPENPKG"], "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.006.html"}, {"name": "FEDORA-2007-033", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://fedoranews.org/cms/node/2375"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-003-mechglue.txt"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.rpath.com/browse/RPL-925"}, {"name": "ADV-2007-0112", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0112"}, {"name": "31280", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/31280"}, {"name": "35151", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35151"}, {"name": "21975", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21975"}, {"name": "ADV-2007-0111", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0111"}, {"name": "VU#831452", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/831452"}, {"name": "23701", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23701"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6144", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The \"mechglue\" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) via unspecified vectors that cause mechglue to free uninitialized pointers."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "kerberos-gssapi-code-execution(31417)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31417"}, {"name": "102772", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102772-1"}, {"name": "201294", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201294-1"}, {"name": "TA07-009B", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-009B.html"}, {"name": "23690", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23690"}, {"name": "SUSE-SA:2007:004", "refsource": "SUSE", "url": "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0004.html"}, {"name": "1017494", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017494"}, {"name": "23706", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23706"}, {"name": "20070109 MITKRB5-SA-2006-003: kadmind (via GSS-API lib) frees uninitialized pointers", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/456409/100/0/threaded"}, {"name": "23903", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23903"}, {"name": "GLSA-200701-21", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200701-21.xml"}, {"name": "OpenPKG-SA-2007.006", "refsource": "OPENPKG", "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.006.html"}, {"name": "FEDORA-2007-033", "refsource": "FEDORA", "url": "http://fedoranews.org/cms/node/2375"}, {"name": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-003-mechglue.txt", "refsource": "CONFIRM", "url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-003-mechglue.txt"}, {"name": "https://issues.rpath.com/browse/RPL-925", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-925"}, {"name": "ADV-2007-0112", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0112"}, {"name": "31280", "refsource": "OSVDB", "url": "http://osvdb.org/31280"}, {"name": "35151", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35151"}, {"name": "21975", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21975"}, {"name": "ADV-2007-0111", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0111"}, {"name": "VU#831452", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/831452"}, {"name": "23701", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23701"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:19:33.965Z"}, "title": "CVE Program Container", "references": [{"name": "kerberos-gssapi-code-execution(31417)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31417"}, {"name": "102772", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102772-1"}, {"name": "201294", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201294-1"}, {"name": "TA07-009B", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-009B.html"}, {"name": "23690", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23690"}, {"name": "SUSE-SA:2007:004", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0004.html"}, {"name": "1017494", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017494"}, {"name": "23706", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23706"}, {"name": "20070109 MITKRB5-SA-2006-003: kadmind (via GSS-API lib) frees uninitialized pointers", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/456409/100/0/threaded"}, {"name": "23903", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23903"}, {"name": "GLSA-200701-21", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200701-21.xml"}, {"name": "OpenPKG-SA-2007.006", "tags": ["vendor-advisory", "x_refsource_OPENPKG", "x_transferred"], "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.006.html"}, {"name": "FEDORA-2007-033", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://fedoranews.org/cms/node/2375"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-003-mechglue.txt"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.rpath.com/browse/RPL-925"}, {"name": "ADV-2007-0112", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0112"}, {"name": "31280", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/31280"}, {"name": "35151", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35151"}, {"name": "21975", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/21975"}, {"name": "ADV-2007-0111", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0111"}, {"name": "VU#831452", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/831452"}, {"name": "23701", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23701"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6144", "datePublished": "2007-01-10T00:00:00", "dateReserved": "2006-11-28T00:00:00", "dateUpdated": "2024-08-07T20:19:33.965Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*", "matchCriteriaId": "41C9B47F-522F-4966-AC17-967769F66712", "versionEndIncluding": "1.5.1", "versionStartIncluding": "1.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The \"mechglue\" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) via unspecified vectors that cause mechglue to free uninitialized pointers."}, {"lang": "es", "value": "La abstracci\u00f3n de interfaz \"mechglue\" de la biblioteca GSS-API para Kerberos 5 1.5 hasta 1.5.1, tal y como se usan en el demonio de administraci\u00f3n Kerberos (kadmind) y otros productos que utilizan esta biblioteca, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante vectores desconocidos que provoca que mechglue libere punteros sin inicializar."}], "id": "CVE-2006-6144", "lastModified": "2021-02-02T18:13:12.027", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-12-31T05:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://fedoranews.org/cms/node/2375"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0004.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://osvdb.org/31280"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/23690"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/23701"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/23706"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/23903"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/35151"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-200701-21.xml"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1017494"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102772-1"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201294-1"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-003-mechglue.txt"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/831452"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.006.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/456409/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/21975"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-009B.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2007/0111"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2007/0112"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31417"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://issues.rpath.com/browse/RPL-925"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 ship with versions of Kerberos 5 prior to version 1.4 and are therefore not affected by these vulnerabilities.\n\nRed Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "lastModified": "2007-03-14T00:00:00", "organization": "Red Hat"}, {"comment": "Not vulnerable. Mandriva 2007.0 and earlier ship with Kerberos 5 version 1.4.x and as a result are not vulnerable to these issues.\n", "lastModified": "2007-01-19T00:00:00", "organization": "Mandriva"}], "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}