CVE-2006-5989

Name: CVE-2006-5989
Description: Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allows remote attackers to cause a denial of service (crash) via a crafted Kerberos message that triggers a heap-based buffer overflow in the component array.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DSA-1247-1
Debian Bugs: 400589

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| libapache-mod-auth-kerb (PTS) | buster | 5.4-2.4~deb10u1 | fixed |
| libapache-mod-auth-kerb | sid | 5.4-3 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libapache-mod-auth-kerb | source | sarge | 4.996-5.0-rc6-1sarge1 | | DSA-1247-1 | |
| libapache-mod-auth-kerb | source | (unstable) | 5.3-1 | low | | 400589 |
