MIT krb5 Security Advisory 2006-003

Original release: 2007-01-09
Last update: 2007-01-09

Topic: kadmind (via GSS-API mechglue) frees uninitialized pointers

Severity: CRITICAL

CVE: CVE-2006-6144
CERT: VU#831452

SUMMARY
=======

The Kerberos administration daemon, "kadmind", can free uninitialized pointers, possibly leading to arbitrary code execution. This vulnerability results from memory management bugs in the "mechglue" abstraction interface of the GSS-API implementation. Third-party applications written using the GSS-API may also be vulnerable.

Exploitation of this vulnerability is believed to be difficult. No exploit code is known to exist at this time.

Reproducible: Always
*** This bug has been marked as a duplicate of bug 158810 ***