SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#831452

Kerberos administration daemon may free uninitialized pointers

Overview

A vulnerability exists in the Kerberos administration daemon that may allow a remote, unauthenticated user to free uninitialized pointers. Freeing uninitialized pointers corrupts memory in a way that could allow an attacker to execute code.

I. Description

The MIT krb 5 administration daemon contains a vulnerability that may allow an attacker to execute arbitary code. According to MIT krb5 Security Advisory 2006-003:

    This vulnerability results from memory management bugs in the "mechglue" abstraction interface of the GSS-API implementation.


Note that versions krb5-1.5 through krb5-1.5.1 are affected by this vulnerability. Other server applications that utilize the GSS-API library provided with MIT krb5 may also be affected.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary code resulting in the compromise of the Kerberos key database or cause a denial of service.

III. Solution

Apply Patch


A patch as described in MIT krb5 Security Advisory 2006-003 can be obtained from MIT. MIT also states that this will be addressed in the upcoming krb5-1.6 release and krb5-1.5.2 patch release.

Systems Affected

VendorStatusDate NotifiedDate Updated
3com, Inc.Unknown4-Jan-2007
AlcatelUnknown4-Jan-2007
Apple Computer, Inc.Unknown4-Jan-2007
AttachmateWRQ, Inc.Not Vulnerable7-Feb-2007
AT&TUnknown4-Jan-2007
Avaya, Inc.Unknown4-Jan-2007
Avici Systems, Inc.Unknown4-Jan-2007
Borderware TechnologiesUnknown4-Jan-2007
Charlotte's Web NetworksUnknown4-Jan-2007
Check Point Software TechnologiesUnknown4-Jan-2007
Chiaro Networks, Inc.Unknown4-Jan-2007
Cisco Systems, Inc.Unknown4-Jan-2007
ClavisterUnknown4-Jan-2007
Computer AssociatesUnknown4-Jan-2007
Conectiva Inc.Unknown4-Jan-2007
Cray Inc.Unknown4-Jan-2007
CyberSafe, Inc.Not Vulnerable5-Jan-2007
D-Link Systems, Inc.Unknown4-Jan-2007
Data Connection, Ltd.Unknown4-Jan-2007
Debian GNU/LinuxUnknown4-Jan-2007
EMC, Inc. (formerly Data General Corporation)Unknown4-Jan-2007
Engarde Secure LinuxUnknown4-Jan-2007
EricssonUnknown4-Jan-2007
eSoft, Inc.Unknown4-Jan-2007
Extreme NetworksUnknown4-Jan-2007
F5 Networks, Inc.Unknown4-Jan-2007
Fedora ProjectVulnerable11-Jan-2007
Force10 Networks, Inc.Not Vulnerable10-May-2007
Fortinet, Inc.Unknown4-Jan-2007
Foundry Networks, Inc.Unknown4-Jan-2007
FreeBSD, Inc.Unknown4-Jan-2007
FujitsuUnknown4-Jan-2007
Gentoo LinuxVulnerable7-Feb-2007
Global Technology AssociatesUnknown4-Jan-2007
Heimdal Kerberos ProjectUnknown4-Jan-2007
Hewlett-Packard CompanyUnknown4-Jan-2007
HitachiNot Vulnerable16-Jan-2007
HyperchipNot Vulnerable16-Jan-2007
IBM CorporationNot Vulnerable5-Jan-2007
IBM Corporation (zseries)Unknown4-Jan-2007
IBM eServerUnknown4-Jan-2007
Immunix Communications, Inc.Unknown4-Jan-2007
Ingrian Networks, Inc.Unknown4-Jan-2007
Intel CorporationUnknown4-Jan-2007
Internet Security Systems, Inc.Unknown4-Jan-2007
IntotoNot Vulnerable16-Jan-2007
IP FilterUnknown4-Jan-2007
Juniper Networks, Inc.Not Vulnerable5-Jan-2007
KTH Kerberos TeamUnknown4-Jan-2007
Linksys (A division of Cisco Systems)Unknown4-Jan-2007
Lucent TechnologiesUnknown4-Jan-2007
Luminous NetworksUnknown4-Jan-2007
Mandriva, Inc.Unknown4-Jan-2007
Microsoft CorporationNot Vulnerable5-Jan-2007
MIT Kerberos Development TeamVulnerable9-Jan-2007
MontaVista Software, Inc.Unknown4-Jan-2007
Multinet (owned Process Software Corporation)Unknown4-Jan-2007
Multitech, Inc.Unknown4-Jan-2007
NEC CorporationUnknown4-Jan-2007
NetBSDUnknown4-Jan-2007
netfilterUnknown4-Jan-2007
Network Appliance, Inc.Not Vulnerable8-Jan-2007
NextHop Technologies, Inc.Unknown4-Jan-2007
NokiaUnknown4-Jan-2007
Nortel Networks, Inc.Unknown4-Jan-2007
Novell, Inc.Unknown4-Jan-2007
OpenBSDUnknown4-Jan-2007
OpenPKGVulnerable11-Jan-2007
Openwall GNU/*/LinuxUnknown4-Jan-2007
QNX, Software Systems, Inc.Unknown4-Jan-2007
Red Hat, Inc.Not Vulnerable5-Jan-2007
Redback Networks, Inc.Unknown4-Jan-2007
Riverstone Networks, Inc.Unknown4-Jan-2007
rPathVulnerable12-Jan-2007
Secure Computing Network Security DivisionUnknown4-Jan-2007
Secureworx, Inc.Unknown4-Jan-2007
Silicon Graphics, Inc.Unknown4-Jan-2007
Slackware Linux Inc.Unknown4-Jan-2007
Sony CorporationUnknown4-Jan-2007
StonesoftUnknown4-Jan-2007
Sun Microsystems, Inc.Vulnerable9-Jan-2007
SUSE LinuxVulnerable11-Jan-2007
Symantec, Inc.Unknown4-Jan-2007
The SCO GroupUnknown4-Jan-2007
Trustix Secure LinuxUnknown4-Jan-2007
TurbolinuxUnknown4-Jan-2007
UbuntuUnknown4-Jan-2007
UnisysUnknown4-Jan-2007
Watchguard Technologies, Inc.Unknown4-Jan-2007
Wind River Systems, Inc.Unknown4-Jan-2007
ZyXELUnknown4-Jan-2007

References


http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-003-mechglue.txt
http://web.mit.edu/kerberos/advisories/2006-003-patch.txt
http://web.mit.edu/kerberos/advisories/2006-003-patch.txt.asc
http://securitytracker.com/alerts/2007/Jan/1017494.html
http://www.securityfocus.com/bid/21975
http://secunia.com/advisories/23903/
http://secunia.com/advisories/23706/
http://secunia.com/advisories/23701/
http://secunia.com/advisories/23690/
http://secunia.com/advisories/23667/

Credit

This issue is addressed in MIT krb5 Security Advisory 2006-003.

This document was written by Chris Taschner.

Other Information

Date Public:2007-01-09
Date First Published:2007-01-09
Date Last Updated:2007-05-10
CERT Advisory: 
CVE-ID(s):CVE-2006-6144
NVD-ID(s):CVE-2006-6144
US-CERT Technical Alerts: 
Metric:20.92
Document Revision:39

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2007 by US-CERT, a government organization
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader