161260 2007-01-10 02:34 0000 mit-krb5: kadmind (via GSS-API mechglue) frees uninitialized pointers 2007-01-10 14:51:11 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED DUPLICATE http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-003-mechglue.txt P2 critical --- 1 henson@acm.org security@gentoo.org henson@acm.org 2007-01-10 02:34:17 0000 MIT krb5 Security Advisory 2006-003 Original release: 2007-01-09 Last update: 2007-01-09 Topic: kadmind (via GSS-API mechglue) frees uninitialized pointers Severity: CRITICAL CVE: CVE-2006-6144 CERT: VU#831452 SUMMARY ======= The Kerberos administration daemon, "kadmind", can free uninitialized pointers, possibly leading to arbitrary code execution. This vulnerability results from memory management bugs in the "mechglue" abstraction interface of the GSS-API implementation. Third-party applications written using the GSS-API may also be vulnerable. Exploitation of this vulnerability is believed to be difficult. No exploit code is known to exist at this time. Reproducible: Always seemant@gentoo.org 2007-01-10 14:51:11 0000 *** This bug has been marked as a duplicate of bug 158810 ***