CVE-2006-2271
First published: Tue May 09 2006(Updated: )
The ECNE chunk handling in Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (kernel panic) via an unexpected chunk when the session is in CLOSED state.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lksctp Lksctp | =2.6.0_test1_0.7.2 | |
| Lksctp Lksctp | =2.6.2_0.9.0 | |
| Lksctp Lksctp | =2.6.15_1.0.5 | |
| Lksctp Lksctp | =2.6.0_test4_0.7.3 | |
| Lksctp Lksctp | =2.6.13_1.0.3 | |
| Lksctp Lksctp | =2.6.16_1.0.6 | |
| Lksctp Lksctp | =2.6.10_1.0.2 | |
| Lksctp Lksctp | =2.6.6_1.0.1 | |
| Lksctp Lksctp | =2.6.14_1.0.4 | |
| Lksctp Lksctp | =2.6.3_1.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0227.html
- http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=35d63edb1c807bc5317e49592260e84637bc432e
- http://labs.musecurity.com/advisories/MU-200605-01.txt
- http://secunia.com/advisories/19990
- http://secunia.com/advisories/20157
- http://secunia.com/advisories/20237
- http://secunia.com/advisories/20398
- http://secunia.com/advisories/20671
- http://secunia.com/advisories/20716
- http://secunia.com/advisories/20914
- http://secunia.com/advisories/21476
- http://secunia.com/advisories/21745
- http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm
- http://www.debian.org/security/2006/dsa-1097
- http://www.debian.org/security/2006/dsa-1103
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:086
- http://www.novell.com/linux/security/advisories/2006-05-31.html
- http://www.osvdb.org/25632
- http://www.redhat.com/support/errata/RHSA-2006-0493.html
- http://www.securityfocus.com/bid/17910
- http://www.trustix.org/errata/2006/0026
- http://www.ubuntu.com/usn/usn-302-1
- http://www.vupen.com/english/advisories/2006/1734
- http://www.vupen.com/english/advisories/2006/2554
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26430
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10934
- http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=35d63edb1c807bc5317e49592260e84637bc432e
Frequently Asked Questions
What is the severity of CVE-2006-2271?
CVE-2006-2271 has been classified as a denial of service vulnerability that can lead to a kernel panic.
How do I fix CVE-2006-2271?
To fix CVE-2006-2271, you should update Linux SCTP to version 2.6.17 or later.
What software is affected by CVE-2006-2271?
CVE-2006-2271 affects various versions of Linux SCTP, specifically versions before 2.6.17.
Can CVE-2006-2271 be exploited remotely?
Yes, CVE-2006-2271 can be exploited by remote attackers through unexpected ECNE chunks.
What impact does CVE-2006-2271 have on the system?
The impact of CVE-2006-2271 is a denial of service, resulting in the crashing of the system's kernel.
- collector/nvd-api
- collector/nvd-historical
- collector/nvd-index
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- vendor/lksctp
- canonical/lksctp lksctp
- version/lksctp lksctp/2.6.0_test1_0.7.2
- version/lksctp lksctp/2.6.0_test4_0.7.3
- version/lksctp lksctp/2.6.2_0.9.0
- version/lksctp lksctp/2.6.3_1.0.0
- version/lksctp lksctp/2.6.6_1.0.1
- version/lksctp lksctp/2.6.10_1.0.2
- version/lksctp lksctp/2.6.13_1.0.3
- version/lksctp lksctp/2.6.14_1.0.4
- version/lksctp lksctp/2.6.15_1.0.5
- version/lksctp lksctp/2.6.16_1.0.6