Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1522

Overview

Vulnerability Score 4.9 4.9
CVE Id CVE-2006-1522
Last Modified 19 Mar 2012 12:00:00
Published 10 Apr 2006 04:02:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-1522

Summary

The sys_add_key function in the keyring code in Linux kernel 2.6.16.1 and 2.6.17-rc1, and possibly earlier versions, allows local users to cause a denial of service (OOPS) via keyctl requests that add a key to a user key instead of a keyring key, which causes an invalid dereference in the __keyring_search_one function.

Vulnerable Systems

Operating System

  • Linux Kernel 2.6.16.1

  • Linux Kernel 2.6.17


References

CONFIRM - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188466

BID - 17451

CONFIRM - http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c3a9d6541f84ac3ff566982d08389b87c1c36b4e

SECUNIA - 19573

XF - linux-keyringsearchone-dos(25722)

VUPEN - ADV-2006-1475

VUPEN - ADV-2006-1307

UBUNTU - USN-302-1

REDHAT - RHSA-2006:0493

OSVDB - 24507

MANDRIVA - MDKSA-2006:086

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm

SECUNIA - 21745

SECUNIA - 20716

SECUNIA - 20237

SECUNIA - 20157

SECUNIA - 19735

FEDORA - FEDORA-2006-423

CONFIRM - http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.3


Last Updated: 27 May 2016 10:42:30