MIT krb5 Security Advisory 2006-002 Original release: 2007-01-09 Last update: 2007-01-09 Topic: kadmind (via RPC library) calls uninitialized function pointer Severity: CRITICAL CVE: CVE-2006-6143 CERT: VU#481564 SUMMARY ======= The Kerberos administration daemon, "kadmind", can execute arbitrary code by calling through a function pointer located in freed memory. This vulnerability results from bugs in the server-side portion of the RPC library. Third-party server applications written using the RPC library provided with MIT krb5 may also be vulnerable. No exploit code is known to exist at this time. Reproducible: Always
Thx for the report Paul, however we already have a restricted bug for this that I'll open now. *** This bug has been marked as a duplicate of bug 158810 ***