Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2006-2274
Last Modified 07 Mar 2011 09:35:51
Published 09 May 2006 04:02:00
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2274

Summary

Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (infinite recursion and crash) via a packet that contains two or more DATA fragments, which causes an skb pointer to refer back to itself when the full message is reassembled, leading to infinite recursion in the sctp_skb_pull function.

Vulnerable Systems

Application

  • Lksctp Stream Control Transmission Protocol 2.6.17


References

VUPEN - ADV-2006-2554

CONFIRM - http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=672e7cca17ed6036a1756ed34cf20dbd72d5e5f6

XF - linux-sctp-skb-pull-dos(26432)

UBUNTU - USN-302-1

TRUSTIX - 2006-0026

BID - 17955

REDHAT - RHSA-2006:0493

OSVDB - 25746

SUSE - SUSE-SA:2006:028

MANDRIVA - MDKSA-2006:150

MANDRIVA - MDKSA-2006:123

DEBIAN - DSA-1103

DEBIAN - DSA-1097

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm

SECUNIA - 21745

SECUNIA - 21476

SECUNIA - 21045

SECUNIA - 20914

SECUNIA - 20716

SECUNIA - 20671

SECUNIA - 20398

SECUNIA - 20237


Last Updated: 27 May 2016 10:42:24