CVE-2006-6143

NameCVE-2006-6143
DescriptionThe RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
krb5 (PTS)buster1.17-3+deb10u4fixed
buster (security)1.17-3+deb10u6fixed
bullseye1.18.3-6+deb11u4fixed
bullseye (security)1.18.3-6+deb11u3fixed
bookworm1.20.1-2+deb12u1fixed
trixie1.20.1-5fixed
sid1.20.1-6fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
krb5sourcesarge(not affected)
krb5source(unstable)1.4.4-6high

Search for package or bug name: Reporting problems