CVE-2006-1368 - OpenCVE

Buffer overflow in the USB Gadget RNDIS implementation in the Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (kmalloc'd memory corruption) via a remote NDIS response to OID_GEN_SUPPORTED_LIST, which causes memory to be allocated for the reply data but not the reply structure.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/19330
http://secunia.com/advisories/19955
http://secunia.com/advisories/20671
http://secunia.com/advisories/20914
http://secunia.com/advisories/21045
http://www.debian.org/security/2006/dsa-1097
http://www.debian.org/security/2006/dsa-1103
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8763716bfe4d8a16bef28c9947cf9d799b1796a5
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16
http://www.mandriva.com/security/advisories?name=MDKSA-2006:123
http://www.securityfocus.com/bid/17831
http://www.vupen.com/english/advisories/2006/1046
http://www.vupen.com/english/advisories/2006/2554
https://usn.ubuntu.com/281-1/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-03-23T23:00:00

Updated: 2024-08-07T17:12:20.809Z

Reserved: 2006-03-23T00:00:00

Link: CVE-2006-1368

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-03-23T23:06:00.000

Modified: 2023-11-07T01:58:36.940

Link: CVE-2006-1368

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-03-22T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in the USB Gadget RNDIS implementation in the Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (kmalloc'd memory corruption) via a remote NDIS response to OID_GEN_SUPPORTED_LIST, which causes memory to be allocated for the reply data but not the reply structure."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-03T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "17831", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17831"}, {"name": "ADV-2006-2554", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2554"}, {"name": "USN-281-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/281-1/"}, {"name": "ADV-2006-1046", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1046"}, {"name": "MDKSA-2006:123", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:123"}, {"name": "DSA-1097", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2006/dsa-1097"}, {"name": "19955", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19955"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16"}, {"name": "DSA-1103", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2006/dsa-1103"}, {"name": "21045", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21045"}, {"name": "19330", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19330"}, {"name": "20671", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20671"}, {"name": "20914", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20914"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8763716bfe4d8a16bef28c9947cf9d799b1796a5"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1368", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in the USB Gadget RNDIS implementation in the Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (kmalloc'd memory corruption) via a remote NDIS response to OID_GEN_SUPPORTED_LIST, which causes memory to be allocated for the reply data but not the reply structure."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "17831", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17831"}, {"name": "ADV-2006-2554", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2554"}, {"name": "USN-281-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/281-1/"}, {"name": "ADV-2006-1046", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1046"}, {"name": "MDKSA-2006:123", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:123"}, {"name": "DSA-1097", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1097"}, {"name": "19955", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19955"}, {"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16"}, {"name": "DSA-1103", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1103"}, {"name": "21045", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21045"}, {"name": "19330", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19330"}, {"name": "20671", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20671"}, {"name": "20914", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20914"}, {"name": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8763716bfe4d8a16bef28c9947cf9d799b1796a5", "refsource": "CONFIRM", "url": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8763716bfe4d8a16bef28c9947cf9d799b1796a5"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T17:12:20.809Z"}, "title": "CVE Program Container", "references": [{"name": "17831", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/17831"}, {"name": "ADV-2006-2554", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/2554"}, {"name": "USN-281-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/281-1/"}, {"name": "ADV-2006-1046", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/1046"}, {"name": "MDKSA-2006:123", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:123"}, {"name": "DSA-1097", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2006/dsa-1097"}, {"name": "19955", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19955"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16"}, {"name": "DSA-1103", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2006/dsa-1103"}, {"name": "21045", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21045"}, {"name": "19330", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19330"}, {"name": "20671", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20671"}, {"name": "20914", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20914"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8763716bfe4d8a16bef28c9947cf9d799b1796a5"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1368", "datePublished": "2006-03-23T23:00:00", "dateReserved": "2006-03-23T00:00:00", "dateUpdated": "2024-08-07T17:12:20.809Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7A893C0-1374-4B55-92C9-47CA407B7842", "versionEndIncluding": "2.6.15", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in the USB Gadget RNDIS implementation in the Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (kmalloc'd memory corruption) via a remote NDIS response to OID_GEN_SUPPORTED_LIST, which causes memory to be allocated for the reply data but not the reply structure."}], "evaluatorSolution": "Update to version 2.6.16.", "id": "CVE-2006-1368", "lastModified": "2023-11-07T01:58:36.940", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-03-23T23:06:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/19330"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/19955"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/20671"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20914"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/21045"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1097"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1103"}, {"source": "cve@mitre.org", "url": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8763716bfe4d8a16bef28c9947cf9d799b1796a5"}, {"source": "cve@mitre.org", "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:123"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17831"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1046"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2554"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/281-1/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}