CVE-2006-2274
First published: Tue May 09 2006(Updated: )
Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (infinite recursion and crash) via a packet that contains two or more DATA fragments, which causes an skb pointer to refer back to itself when the full message is reassembled, leading to infinite recursion in the sctp_skb_pull function.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lksctp Stream Control Transmission Protocol | =2.6.17 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=672e7cca17ed6036a1756ed34cf20dbd72d5e5f6
- http://www.trustix.org/errata/2006/0026
- http://www.securityfocus.com/bid/17955
- http://www.redhat.com/support/errata/RHSA-2006-0493.html
- http://secunia.com/advisories/20237
- http://www.debian.org/security/2006/dsa-1097
- http://secunia.com/advisories/20671
- http://www.novell.com/linux/security/advisories/2006-05-31.html
- http://www.ubuntu.com/usn/usn-302-1
- http://secunia.com/advisories/20716
- http://www.debian.org/security/2006/dsa-1103
- http://secunia.com/advisories/20914
- http://secunia.com/advisories/21045
- http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm
- http://secunia.com/advisories/21745
- http://secunia.com/advisories/20398
- http://www.osvdb.org/25746
- http://secunia.com/advisories/21476
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:123
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:150
- http://www.vupen.com/english/advisories/2006/2554
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26432
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9531
- http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=672e7cca17ed6036a1756ed34cf20dbd72d5e5f6
- collector/nvd-api
- collector/nvd-historical
- collector/nvd-index
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- vendor/lksctp
- canonical/lksctp stream control transmission protocol
- version/lksctp stream control transmission protocol/2.6.17