Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2006-1368
Last Modified: 07 Mar 2011 09:32:53
Published: 23 Mar 2006 06:06:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2006-1368

Summary

Buffer overflow in the USB Gadget RNDIS implementation in the Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (kmalloc'd memory corruption) via a remote NDIS response to OID_GEN_SUPPORTED_LIST, which causes memory to be allocated for the reply data but not the reply structure.

Vulnerable Systems

Operating System

  • Linux Kernel 2.6.15


References

VUPEN - ADV-2006-2554

VUPEN - ADV-2006-1046

UBUNTU - USN-281-1

BID - 17831

MANDRIVA - MDKSA-2006:123

CONFIRM - http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16

CONFIRM - http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8763716bfe4d8a16bef28c9947cf9d799b1796a5

DEBIAN - DSA-1103

DEBIAN - DSA-1097

SECUNIA - 21045

SECUNIA - 20914

SECUNIA - 20671

SECUNIA - 19955

SECUNIA - 19330


Last Updated: 27 May 2016 10:42:02