1. CVE-Search
  2. CVE-2006-4535
ID CVE-2006-4535
Summary The Linux kernel 2.6.17.10 and 2.6.17.11 and 2.6.18-rc5 allows local users to cause a denial of service (crash) via an SCTP socket with a certain SO_LINGER value, possibly related to the patch for CVE-2006-3745. NOTE: older kernel versions for specific Linux distributions are also affected, due to backporting of the CVE-2006-3745 patch.
References
Vulnerable Configurations
  • cpe:2.3:o:linux:linux_kernel:2.6.17.10:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.17.10:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.17.11:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.17.11:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.18:rc5:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.18:rc5:*:*:*:*:*:*
CVSS
Base: 4.9 (as of 11-10-2017 - 01:31)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:C
oval via4
accepted 2013-04-29T04:06:28.741-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description The Linux kernel 2.6.17.10 and 2.6.17.11 and 2.6.18-rc5 allows local users to cause a denial of service (crash) via an SCTP socket with a certain SO_LINGER value, possibly related to the patch for CVE-2006-3745. NOTE: older kernel versions for specific Linux distributions are also affected, due to backporting of the CVE-2006-3745 patch.
family unix
id oval:org.mitre.oval:def:10530
status accepted
submitted 2010-07-09T03:56:16-04:00
title The Linux kernel 2.6.17.10 and 2.6.17.11 and 2.6.18-rc5 allows local users to cause a denial of service (crash) via an SCTP socket with a certain SO_LINGER value, possibly related to the patch for CVE-2006-3745. NOTE: older kernel versions for specific Linux distributions are also affected, due to backporting of the CVE-2006-3745 patch.
version 29
redhat via4
advisories
rhsa
id RHSA-2006:0689
rpms
  • kernel-0:2.6.9-42.0.3.EL
  • kernel-debuginfo-0:2.6.9-42.0.3.EL
  • kernel-devel-0:2.6.9-42.0.3.EL
  • kernel-doc-0:2.6.9-42.0.3.EL
  • kernel-hugemem-0:2.6.9-42.0.3.EL
  • kernel-hugemem-devel-0:2.6.9-42.0.3.EL
  • kernel-largesmp-0:2.6.9-42.0.3.EL
  • kernel-largesmp-devel-0:2.6.9-42.0.3.EL
  • kernel-smp-0:2.6.9-42.0.3.EL
  • kernel-smp-devel-0:2.6.9-42.0.3.EL
refmap via4
bid 20087
confirm http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm
debian
  • DSA-1183
  • DSA-1184
mandriva
  • MDKSA-2006:182
  • MDKSA-2007:025
misc
sectrack 1016992
secunia
  • 21945
  • 21967
  • 22082
  • 22093
  • 22292
  • 22382
  • 22945
ubuntu USN-347-1
xf kernel-sctp-dos(29011)
Last major update 11-10-2017 - 01:31
Published 19-09-2006 - 19:07
Last modified 11-10-2017 - 01:31
Back to Top