Vulnerability Name: CVE-2006-6653 (CCN-31043)
Assigned: 2006-11-27
Published: 2006-11-27
Updated: 2011-07-25
Summary: The accept function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (socket consumption) via an invalid (1) name or (2) namelen parameter, which may result in the socket never being closed (aka "a dangling socket").
This vulnerability is addressed in the following product updates:
  NetBSD current (10/23/2006)
  NetBSD 3.0 (10/24/2006)
  NetBSD 3.0.1 (10/24/2006)
  NetBSD 2.0 (10/29/2006)
CVSS v3 Severity:
  4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVSS v2 Severity:
  1.7 Low (CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:P)
  1.3 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:P/E:U/RL:OF/RC:C)
  1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-20
Vulnerability Consequences: Denial of Service
References:
  Source: NETBSD Type: Patch, Vendor Advisory NetBSD-SA2006-026
  Source: MITRE Type: CNA CVE-2006-6653
  Source: CCN Type: NetBSD-SA2006-026 Multiple denial of service issues
  Source: CCN Type: SECTRACK ID: 1017293 NetBSD Kernel Bugs Let Local Users Consume Sockets or Cause a Kernel Panic
  Source: SECTRACK Type: Patch 1017293
  Source: CCN Type: OSVDB ID: 35989 NetBSD accept Function Socket Consumption Local DoS
  Source: CCN Type: BID-21327 NetBSD Multiple Local Denial of Service Vulnerabilities
  Source: XF Type: UNKNOWN netbsd-accept-dos(31043)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable