CVE-2006-6144

Name of the Vulnerable Software and Affected Versions: mit-krb5 versions prior to 1.5.2 GSS-API library for Kerberos 5 versions 1.5 through 1.5.1

Description: The issue affects the mit-krb5 package in Gentoo Linux and the GSS-API library for Kerberos 5, allowing remote attackers to exploit vulnerabilities that may lead to a violation of confidentiality, integrity, and availability of protected information. Specifically, the "mechglue" abstraction interface in the GSS-API library can cause a denial of service (crash) via unspecified vectors that cause mechglue to free uninitialized pointers, such as mechglue interface.

Recommendations: For mit-krb5 versions prior to 1.5.2, update to version 1.5.2 or later. For GSS-API library for Kerberos 5 versions 1.5 through 1.5.1, update to version 1.5.2 or later. As a temporary workaround, consider restricting access to the mechglue abstraction interface until a patch is available.