CVE-2006-5989

Name: CVE-2006-5989
Description: Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allows remote attackers to cause a denial of service (crash) via a crafted Kerberos message that triggers a heap-based buffer overflow in the component array.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DSA-1247-1
NVD severity: medium (attack range: remote)
Debian Bugs: 400589

Vulnerable and fixed packages

The table below lists information on source packages.

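| Source Package | Release | Version | Status |
|---|---|---|---|
| libapache-mod-auth-kerb (PTS) | wheezy | 5.4-2 | fixed |
| libapache-mod-auth-kerb (PTS) | jessie | 5.4-2.2 | fixed |
| libapache-mod-auth-kerb (PTS) | buster, sid, stretch | 5.4-2.3 | fixed |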

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libapache-mod-auth-kerb | source | (unstable) | 5.3-1 | low | | 400589 |
| libapache-mod-auth-kerb | source | sarge | 4.996-5.0-rc6-1sarge1 | medium | DSA-1247-1 | |
