Gentoo Full Text Bug Listing

Description:

Opened: 2007-01-10 02:34 0000

MIT krb5 Security Advisory 2006-003

Original release: 2007-01-09
Last update: 2007-01-09

Topic: kadmind (via GSS-API mechglue) frees uninitialized pointers

Severity: CRITICAL

CVE: CVE-2006-6144
CERT: VU#831452

SUMMARY
=======

The Kerberos administration daemon, "kadmind", can free uninitialized
pointers, possibly leading to arbitrary code execution.  This
vulnerability results from memory management bugs in the "mechglue"
abstraction interface of the GSS-API implementation.  Third-party
applications written using the GSS-API may also be vulnerable.

Exploitation of this vulnerability is believed to be difficult.  No
exploit code is known to exist at this time.


Reproducible: Always

------- Comment #1 From Seemant Kulleen (RETIRED) 2007-01-10 14:51:11 0000 -------


*** This bug has been marked as a duplicate of bug 158810 ***

Bug#: 161260	Product: Gentoo Security	Version: unspecified	Platform: All
OS/Version: Linux	Status: RESOLVED	Severity: critical	Priority: P2
Resolution: DUPLICATE	Assigned To: security@gentoo.org	Reported By: henson@acm.org
Component: Vulnerabilities
URL: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-003-mechglue.txt
Summary: mit-krb5: kadmind (via GSS-API mechglue) frees uninitialized pointers
Keywords:
Status Whiteboard:
Opened: 2007-01-10 02:34 0000