Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2271

Overview

Vulnerability Score 7.8 7.8
CVE Id CVE-2006-2271
Last Modified 07 Mar 2011 09:35:51
Published 09 May 2006 12:02:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2271

Summary

The ECNE chunk handling in Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (kernel panic) via an unexpected chunk when the session is in CLOSED state.

Vulnerable Systems

Application

  • Lksctp 2.6.0 Test1 0.7.2

  • Lksctp 2.6.0 Test4 0.7.3

  • Lksctp 2.6.10 1.0.2

  • Lksctp 2.6.13 1.0.3

  • Lksctp 2.6.14 1.0.4

  • Lksctp 2.6.15 1.0.5

  • Lksctp 2.6.16 1.0.6

  • Lksctp 2.6.2 0.9.0

  • Lksctp 2.6.3 1.0.0

  • Lksctp 2.6.6 1.0.1


References

SECUNIA - 19990

MISC - http://labs.musecurity.com/advisories/MU-200605-01.txt

FULLDISC - 20060508 [MU-200605-01] Multiple vulnerabilities in Linux SCTP 2.6.16

VUPEN - ADV-2006-2554

VUPEN - ADV-2006-1734

CONFIRM - http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=35d63edb1c807bc5317e49592260e84637bc432e

XF - linux-sctp-ecne-chunk-dos(26430)

UBUNTU - USN-302-1

TRUSTIX - 2006-0026

BID - 17910

REDHAT - RHSA-2006:0493

OSVDB - 25632

SUSE - SUSE-SA:2006:028

MANDRIVA - MDKSA-2006:086

DEBIAN - DSA-1103

DEBIAN - DSA-1097

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm

SECUNIA - 21745

SECUNIA - 21476

SECUNIA - 20914

SECUNIA - 20716

SECUNIA - 20671

SECUNIA - 20398

SECUNIA - 20237

SECUNIA - 20157


Last Updated: 27 May 2016 10:42:24