Vulnerability Name: | CVE-2006-2274 (CCN-26432)
Assigned: | 2006-05-06
Published: | 2006-05-06
Updated: | 2017-10-11
Summary: | Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (infinite recursion and crash) via a packet that contains two or more DATA fragments, which causes an skb pointer to refer back to itself when the full message is reassembled, leading to infinite recursion in the sctp_skb_pull function.
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Vulnerability Type: | CWE-Other
Vulnerability Consequences: | Denial of Service
References: |
Source: MITRE Type: CNA CVE-2006-2274
Source: CCN Type: The Linux Kernel Archives [SCTP]: Prevent possible infinite recursion with multiple bundled DATA.
Source: CONFIRM Type: UNKNOWN http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=672e7cca17ed6036a1756ed34cf20dbd72d5e5f6
Source: CCN Type: RHSA-2006-0493 kernel security update
Source: SECUNIA Type: UNKNOWN 20237
Source: SECUNIA Type: UNKNOWN 20398
Source: SECUNIA Type: UNKNOWN 20671
Source: SECUNIA Type: UNKNOWN 20716
Source: SECUNIA Type: UNKNOWN 20914
Source: SECUNIA Type: UNKNOWN 21045
Source: CCN Type: SA21476 Linux Kernel Multiple Vulnerabilities
Source: SECUNIA Type: UNKNOWN 21476
Source: CCN Type: SA21745 Avaya Products Linux Kernel Multiple Vulnerabilities
Source: SECUNIA Type: UNKNOWN 21745
Source: CONFIRM Type: UNKNOWN http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm
Source: CCN Type: ASA-2006-161 kernel security update (RHSA-2006-0493)
Source: DEBIAN Type: UNKNOWN DSA-1097
Source: DEBIAN Type: UNKNOWN DSA-1103
Source: DEBIAN Type: DSA-1097 kernel-source-2.4.27 -- several vulnerabilities
Source: DEBIAN Type: DSA-1103 kernel-source-2.6.8 -- several vulnerabilities
Source: MANDRIVA Type: UNKNOWN MDKSA-2006:123
Source: MANDRIVA Type: UNKNOWN MDKSA-2006:150
Source: SUSE Type: UNKNOWN SUSE-SA:2006:028
Source: OSVDB Type: UNKNOWN 25746
Source: CCN Type: OSVDB ID: 25746 Linux Kernel SCTP sctp_skb_pull Malformed Packet Remote DoS
Source: REDHAT Type: UNKNOWN RHSA-2006:0493
Source: BID Type: UNKNOWN 17955
Source: CCN Type: BID-17955 Linux Kernel 2.6.16.13 Multiple SCTP Remote Denial of Service Vulnerabilities
Source: TRUSTIX Type: UNKNOWN 2006-0026
Source: CCN Type: USN-302-1 Linux kernel vulnerabilities
Source: UBUNTU Type: UNKNOWN USN-302-1
Source: VUPEN Type: UNKNOWN ADV-2006-2554
Source: XF Type: UNKNOWN linux-sctp-skb-pull-dos(26432)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:9531
Source: SUSE Type: SUSE-SA:2006:028 various kernel security problems
Source: CCN Type: IBM Systems Support Web site Support for HMC
Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: Configuration CCN 1: Denotes that component is vulnerable