
CERT Coordination Center

Kerberos administration daemon fails to properly initialize function pointers

Vulnerability Note VU#481564

Original Release Date: 2007-01-09 | Last Revised: 2007-05-10

Overview

The Kerberos administration daemon fails to properly initialize pointers. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service.

Description

A vulnerability exists in the way the Kerberos administration daemon handles pointers that may allow a remote, unauthenticated user to execute arbitrary code. According to MIT krb5 Security Advisory 2006-002:

The Kerberos administration daemon, "kadmind", can execute arbitrary code by calling through a function pointer located in freed memory. This vulnerability results from bugs in the server-side portion of the RPC library.

Note that krb5-1.4 through krb5-1.4.4, and krb5-1.5 through krb5-1.5.1 are affected by this vulnerability. Other server applications that utilize the RPC library provided with MIT krb5 may also be affected.

This vulnerability can be triggered by sending a specially crafted Kerberos packet to a vulnerable system.
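The bug class named above (an indirect call through a function pointer that was never initialized or that sits in freed memory) is shown here next to a hardened form, as an added illustration that is not code from MIT krb5, the advisory, or this note. The `xprt` and `auth_ops` types, all function names and the sample message are hypothetical and constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical, simplified types for illustration only; these are NOT
 * the MIT krb5 RPC library structures. */
struct auth_ops {
    int (*unwrap)(const unsigned char *msg, size_t len); /* per-request hook */
};

struct xprt {
    int fd;
    const struct auth_ops *auth;   /* function-pointer table */
};

enum { REQ_OK = 0, REQ_REJECTED = -1, REQ_BAD_HANDLE = -2 };

/* ---- Pattern behind the bug class (shown for contrast, never called) ---- */

/* malloc() leaves 'auth' holding whatever bytes were already in the chunk. */
struct xprt *xprt_create_unsafe(int fd)
{
    struct xprt *x = malloc(sizeof *x);
    if (x != NULL)
        x->fd = fd;                /* 'auth' is never assigned */
    return x;
}

/* Indirect call with no validity check: on a half-initialized or already
 * freed handle the call target comes from stale heap contents. */
int dispatch_unsafe(struct xprt *x, const unsigned char *msg, size_t len)
{
    return x->auth->unwrap(msg, len);
}

/* ---- Hardened pattern ---- */

/* Fail-closed default so a fresh handle always has a valid call target. */
static int reject_all(const unsigned char *msg, size_t len)
{
    (void)msg;
    (void)len;
    return REQ_REJECTED;
}
static const struct auth_ops default_ops = { reject_all };

/* Constructed sample flavor: accepts any non-empty message. */
static int accept_nonempty(const unsigned char *msg, size_t len)
{
    return (msg != NULL && len > 0) ? REQ_OK : REQ_REJECTED;
}
static const struct auth_ops sample_ops = { accept_nonempty };

struct xprt *xprt_create(int fd)
{
    struct xprt *x = calloc(1, sizeof *x);  /* zero-filled allocation */
    if (x == NULL)
        return NULL;
    x->fd = fd;
    x->auth = &default_ops;                 /* every pointer set before use */
    return x;
}

/* Refuse an ops table that would leave a NULL call target. */
int xprt_set_auth(struct xprt *x, const struct auth_ops *ops)
{
    if (x == NULL || ops == NULL || ops->unwrap == NULL)
        return -1;
    x->auth = ops;
    return 0;
}

/* Takes the owner's pointer by address so it can be cleared: a NULL check
 * cannot recognize a dangling pointer, so none may be left behind. */
void xprt_destroy(struct xprt **xp)
{
    if (xp == NULL || *xp == NULL)
        return;
    free(*xp);
    *xp = NULL;
}

int dispatch_checked(struct xprt *x, const unsigned char *msg, size_t len)
{
    if (x == NULL || x->auth == NULL || x->auth->unwrap == NULL)
        return REQ_BAD_HANDLE;
    return x->auth->unwrap(msg, len);
}

int main(void)
{
    const unsigned char msg[] = { 0x01, 0x02, 0x03 };  /* constructed input */
    struct xprt *x = xprt_create(3);
    if (x == NULL)
        return 1;
    printf("fresh handle:   %d\n", dispatch_checked(x, msg, sizeof msg));
    xprt_set_auth(x, &sample_ops);
    printf("after set_auth: %d\n", dispatch_checked(x, msg, sizeof msg));
    xprt_destroy(&x);
    printf("after destroy:  %d\n", dispatch_checked(x, msg, sizeof msg));
    return 0;
}
```

The unsafe pair compiles but is never called; building the rest under AddressSanitizer or a similar heap checker is a practical way to catch a remaining stale-pointer call during testing.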

Impact

A remote, unauthenticated user may be able to execute arbitrary code resulting in the compromise of the Kerberos key database or cause a denial of service.

Solution

Apply Patch

A patch can be obtained from MIT krb5 Security Advisory 2006-002. MIT also states that this will be addressed in the upcoming krb5-1.6 release and krb5-1.5.2 patch release.

Vendor Information


Debian GNU/Linux

Notified:  January 04, 2007 Updated:  January 19, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to dsa-1244.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Fedora Project

Notified:  January 04, 2007 Updated:  January 11, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to Fedora Core 5 Update krb5-1.4.3-5.3 and Fedora Core 6 Update krb5-1.5-13.


Gentoo Linux

Notified:  January 04, 2007 Updated:  February 07, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to glsa-200701-21.


MIT Kerberos Development Team

Notified:  January 04, 2007 Updated:  January 09, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to MIT krb5 Security Advisory 2006-002.


Mandriva, Inc.

Notified:  January 04, 2007 Updated:  January 11, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to Mandriva Security Advisory MDKSA-2007:008.


OpenPKG

Updated:  January 11, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to OpenPKG-SA-2007.006.


SUSE Linux

Notified:  January 04, 2007 Updated:  January 11, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to SUSE-SA:2007:004.


Slackware Linux Inc.

Notified:  January 04, 2007 Updated:  January 19, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to SSA:2006-357-05.


Trustix Secure Linux

Notified:  January 04, 2007 Updated:  January 19, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to Trustix Secure Linux Security Advisory #2007-0003.


Ubuntu

Notified:  January 04, 2007 Updated:  January 16, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to Ubuntu Security Notice USN-408-1.


rPath

Updated:  January 12, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to RPL-925.


AttachmateWRQ, Inc.

Notified:  January 04, 2007 Updated:  February 07, 2007

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

CyberSafe, Inc.

Notified:  January 04, 2007 Updated:  January 05, 2007

Status

  Not Vulnerable

Vendor Statement

All available versions of the CyberSafe TrustBroker, Challenger and ActiveTRUST products are not vulnerable to VU#481564 or VU#831452. This is because the protocols used to communicate with the CyberSafe KDC product Administration Daemon/Service are different to the protocols used by MIT products.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Force10 Networks, Inc.

Notified:  January 04, 2007 Updated:  May 10, 2007

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Hitachi

Notified:  January 04, 2007 Updated:  January 16, 2007

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Hyperchip

Notified:  January 04, 2007 Updated:  January 16, 2007

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM Corporation

Notified:  January 04, 2007 Updated:  January 05, 2007

Status

  Not Vulnerable

Vendor Statement

Network Authentication Services for the AIX Operating System is not affected by the issues described in CERT VU#481564 and VU#831452.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Intoto

Notified:  January 04, 2007 Updated:  January 16, 2007

Status

  Not Vulnerable

Vendor Statement

Intoto products do not use Kerberos as one of their components, so they are not vulnerable to potential exploits documented in this vulnerability note.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Juniper Networks, Inc.

Notified:  January 04, 2007 Updated:  January 05, 2007

Status

  Not Vulnerable

Vendor Statement

Juniper Networks products are not susceptible to this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Microsoft Corporation

Notified:  January 04, 2007 Updated:  January 05, 2007

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Network Appliance, Inc.

Notified:  January 04, 2007 Updated:  January 08, 2007

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Red Hat, Inc.

Notified:  January 04, 2007 Updated:  January 05, 2007

Status

  Not Vulnerable

Vendor Statement

Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 ship with versions of Kerberos 5 prior to version 1.4 and are therefore not affected by these vulnerabilities.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Sun Microsystems, Inc.

Notified:  January 04, 2007 Updated:  January 09, 2007

Status

  Not Vulnerable

Vendor Statement

Sun's Kerberos administration daemon, kadmind(1M), is not impacted by the kadmind vulnerabilities described in CERT VU#481564 and CERT VU#831452. However it may be possible that some third-party applications which utilize GSS-API via Sun's libgss(3LIB) are vulnerable to the issue described in CERT VU#831452. Sun will be updating the relevant GSS-API routines to address this and will document the details in Sun Alert 102772 which will be available from the following URL:

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102772-1

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

3com, Inc.

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

AT&T

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Alcatel

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Apple Computer, Inc.

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Avaya, Inc.

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Avici Systems, Inc.

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Borderware Technologies

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Charlotte's Web Networks

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Check Point Software Technologies

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Chiaro Networks, Inc.

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Cisco Systems, Inc.

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Clavister

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Computer Associates

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Conectiva Inc.

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Cray Inc.

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

D-Link Systems, Inc.

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Data Connection, Ltd.

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

EMC, Inc. (formerly Data General Corporation)

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Engarde Secure Linux

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Ericsson

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Extreme Networks

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

F5 Networks, Inc.

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Fortinet, Inc.

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Foundry Networks, Inc.

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

FreeBSD, Inc.

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Fujitsu

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Global Technology Associates

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Heimdal Kerberos Project

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Hewlett-Packard Company

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM Corporation (zseries)

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM eServer

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IP Filter

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Immunix Communications, Inc.

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Ingrian Networks, Inc.

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Intel Corporation

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Internet Security Systems, Inc.

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

KTH Kerberos Team

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Linksys (A division of Cisco Systems)

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Lucent Technologies

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Luminous Networks

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

MontaVista Software, Inc.

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Multinet (owned Process Software Corporation)

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Multitech, Inc.

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

NEC Corporation

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

NetBSD

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

NextHop Technologies, Inc.

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Nokia

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Nortel Networks, Inc.

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Novell, Inc.

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

OpenBSD

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Openwall GNU/*/Linux

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

QNX, Software Systems, Inc.

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Redback Networks, Inc.

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Riverstone Networks, Inc.

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Secure Computing Network Security Division

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Secureworx, Inc.

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Silicon Graphics, Inc.

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Sony Corporation

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Stonesoft

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Symantec, Inc.

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

The SCO Group

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Turbolinux

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Unisys

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Watchguard Technologies, Inc.

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Wind River Systems, Inc.

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

ZyXEL

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

eSoft, Inc.

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

netfilter

Notified:  January 04, 2007 Updated:  January 04, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.



CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A


Acknowledgements

This issue is addressed in MIT krb5 Security Advisory 2006-002. MIT credits Andrew Korty from Indiana University for reporting this issue.

This document was written by Chris Taschner.

Other Information

CVE IDs: CVE-2006-6143
Severity Metric: 20.93
Date Public: 2007-01-09
Date First Published: 2007-01-09
Date Last Updated: 2007-05-10 14:42 UTC
Document Revision: 55

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.