CVE-2006-2272 - Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (kernel panic

CVE-2006-2272

Summary

Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (kernel panic) via incoming IP fragmented (1) COOKIE_ECHO and (2) HEARTBEAT SCTP control chunks. This vulnerability is addressed in the following product release: Linux, SCTP, 2.6.17

References

Vulnerable Configurations

cpe:2.3:a:lksctp:stream_control_transmission_protocol:-:*:*:*:*:*:*:*
cpe:2.3:a:lksctp:stream_control_transmission_protocol:-:*:*:*:*:*:*:*
cpe:2.3:a:lksctp:stream_control_transmission_protocol:2.6.16:*:*:*:*:*:*:*
cpe:2.3:a:lksctp:stream_control_transmission_protocol:2.6.16:*:*:*:*:*:*:*

CVSS

Base:	7.8 (as of 11-10-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:C

oval via4

accepted

2013-04-29T04:12:38.013-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990

description

Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (kernel panic) via incoming IP fragmented (1) COOKIE_ECHO and (2) HEARTBEAT SCTP control chunks.

family

unix

oval:org.mitre.oval:def:11243

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (kernel panic) via incoming IP fragmented (1) COOKIE_ECHO and (2) HEARTBEAT SCTP control chunks.

version

redhat via4

advisories

rhsa

id	RHSA-2006:0493

rpms

kernel-0:2.6.9-34.0.1.EL
kernel-debuginfo-0:2.6.9-34.0.1.EL
kernel-devel-0:2.6.9-34.0.1.EL
kernel-doc-0:2.6.9-34.0.1.EL
kernel-hugemem-0:2.6.9-34.0.1.EL
kernel-hugemem-devel-0:2.6.9-34.0.1.EL
kernel-largesmp-0:2.6.9-34.0.1.EL
kernel-largesmp-devel-0:2.6.9-34.0.1.EL
kernel-smp-0:2.6.9-34.0.1.EL
kernel-smp-devel-0:2.6.9-34.0.1.EL

refmap via4

bid	17910
confirm	http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=62b08083ec3dbfd7e533c8d230dd1d8191a6e813 http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm
debian	DSA-1097 DSA-1103
fulldisc	20060508 [MU-200605-01] Multiple vulnerabilities in Linux SCTP 2.6.16
mandriva	MDKSA-2006:086
misc	http://labs.musecurity.com/advisories/MU-200605-01.txt
osvdb	25633
secunia	19990 20157 20237 20398 20671 20716 20914 21476 21745
suse	SUSE-SA:2006:028
trustix	2006-0026
ubuntu	USN-302-1
vupen	ADV-2006-1734 ADV-2006-2554
xf	linux-sctp-control-chunk-dos(26431)

Last major update

11-10-2017 - 01:30

Published

09-05-2006 - 16:02

Last modified

11-10-2017 - 01:30