CVE-2006-1368
Debian Linux Security Advisory 1103-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Buffer overflow in the USB Gadget RNDIS implementation in the Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (kmalloc'd memory corruption) via a remote NDIS response to OID_GEN_SUPPORTED_LIST, which causes memory to be allocated for the reply data but not the reply structure.
Multiple vulnerabilities have been discovered in the Linux 2.6 kernel. The sys_mbind() function did not properly verify the validity of the 'maxnod' argument. A local user could exploit this to trigger a buffer overflow, which caused a kernel crash. The SELinux module did not correctly handle the tracer SID when a process was already being traced. A local attacker could exploit this to cause a kernel crash. Al Viro discovered a local Denial of Service in the sysfs write buffer handling. By writing a block wit h a length exactly equal to the processor's page size to any writable file in /sys, a local attacker could cause a kernel crash. John Blackwood discovered a race condition with single-step debugging multiple processes at the same time. A local attacker could exploit this to crash the system. This only affects the amd64 platform. Marco Ivaldi discovered a flaw in the handling of the ID number of IP packets. This number was incremented after receiving unsolicited TCP SYN-ACK packets. A remote attacker could exploit this to conduct port scans with the 'Idle scan' method (nmap -sI), which bypassed intended port scan protections. Pavel Kankovsky discovered that the getsockopt() function, when called with an SO_ORIGINAL_DST argument, does not properly clear the returned structure, so that a random piece of kernel memory is exposed to the user. This could potentially reveal sensitive data like passwords or encryption keys. A buffer overflow was discovered in the USB Gadget RNDIS implementation. While creating a reply message, the driver did not allocate enough memory for the reply structure. A remote attacker could exploit this to cause a kernel crash. Alexandra Kossovsky discovered an invalid memory access in the ip_route_input() function. By using the 'ip' command in a particular way to retrieve multicast routes, a local attacker could exploit this to crash the kernel.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2006-03-23 CVE Reserved
- 2006-03-23 CVE Published
- 2024-08-07 CVE Updated
- 2025-04-16 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (14)
URL | Tag | Source |
---|---|---|
http://secunia.com/advisories/20671 | Third Party Advisory | |
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8763716bfe4d8a16bef28c9947cf9d799b1796a5 | X_refsource_confirm | |
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16 | X_refsource_confirm | |
http://www.securityfocus.com/bid/17831 | Vdb Entry | |
http://www.vupen.com/english/advisories/2006/1046 | Vdb Entry | |
http://www.vupen.com/english/advisories/2006/2554 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/19330 | 2023-11-07 | |
http://secunia.com/advisories/19955 | 2023-11-07 | |
http://secunia.com/advisories/20914 | 2023-11-07 | |
http://secunia.com/advisories/21045 | 2023-11-07 | |
http://www.debian.org/security/2006/dsa-1097 | 2023-11-07 | |
http://www.debian.org/security/2006/dsa-1103 | 2023-11-07 | |
http://www.mandriva.com/security/advisories?name=MDKSA-2006:123 | 2023-11-07 | |
https://usn.ubuntu.com/281-1 | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 2.6.15 Search vendor "Linux" for product "Linux Kernel" and version " <= 2.6.15" | - |
Affected
|