Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2275

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-2275
Last Modified 21 Aug 2010 12:46:58
Published 09 May 2006 04:02:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2275

Summary

Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (deadlock) via a large number of small messages to a receiver application that cannot process the messages quickly enough, which leads to "spillover of the receive buffer."

Vulnerable Systems

Application

  • Lksctp Stream Control Transmission Protocol 2.6.16


References

CONFIRM - http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c3ceb4fb9667f34f1599a062efecf4cdc4a4ce5

XF - linux-sctp-receive-dos(26433)

UBUNTU - USN-302-1

TRUSTIX - 2006-0026

BID - 17955

REDHAT - RHSA-2006:0575

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm

SECUNIA - 22417

SECUNIA - 21465

SECUNIA - 20716


Last Updated: 27 May 2016 10:42:24