CVE-2006-6143

Description

The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

References

Link	Tags
http://securitytracker.com/id?1017493	broken link third party advisory vdb entry
http://fedoranews.org/cms/node/2376	vendor advisory broken link
http://osvdb.org/31281	vdb entry broken link
http://secunia.com/advisories/24966	third party advisory broken link
http://www.kb.cert.org/vuls/id/481564	patch third party advisory us government resource
http://www.ubuntu.com/usn/usn-408-1	third party advisory vendor advisory
http://www.us-cert.gov/cas/techalerts/TA07-009B.html	patch us government resource broken link third party advisory
http://secunia.com/advisories/23696	third party advisory broken link
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0004.html	vendor advisory broken link
http://docs.info.apple.com/article.html?artnum=305391	broken link
http://secunia.com/advisories/23706	third party advisory broken link
http://www.mandriva.com/security/advisories?name=MDKSA-2007:008	third party advisory vendor advisory
http://secunia.com/advisories/23903	third party advisory broken link
http://www.securityfocus.com/bid/21970	broken link third party advisory vdb entry
http://secunia.com/advisories/23667	third party advisory broken link
http://security.gentoo.org/glsa/glsa-200701-21.xml	third party advisory vendor advisory
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-002-rpc.txt	patch vendor advisory
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.006.html	vendor advisory broken link
http://fedoranews.org/cms/node/2375	vendor advisory broken link
http://www.us-cert.gov/cas/techalerts/TA07-109A.html	broken link third party advisory us government resource
https://issues.rpath.com/browse/RPL-925	broken link
http://secunia.com/advisories/23707	third party advisory broken link
http://www.vupen.com/english/advisories/2007/0111	vdb entry broken link
http://www.securityfocus.com/archive/1/456406/100/0/threaded	broken link mailing list third party advisory vdb entry
http://secunia.com/advisories/23772	third party advisory broken link
http://secunia.com/advisories/23701	third party advisory broken link
http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html	vendor advisory mailing list
http://www.vupen.com/english/advisories/2007/1470	vdb entry broken link
https://exchange.xforce.ibmcloud.com/vulnerabilities/31422	third party advisory vdb entry

Frequently Asked Questions

What is the severity of CVE-2006-6143?: CVE-2006-6143 has been scored as a critical severity vulnerability.
How to fix CVE-2006-6143?: To fix CVE-2006-6143, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2006-6143 being actively exploited in the wild?: It is possible that CVE-2006-6143 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~28% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

Description

Category

CWE-824 – Access of Uninitialized Pointer

References

Frequently Asked Questions