SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux kernel 2.6.17 before 2.6.17.3 and 2.6.16 before 2.6.16.23 allows remote attackers to cause a denial of service (crash) via a packet without any chunks, which causes a variable to contain an invalid value that is later used to dereference a pointer.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux

Configuration 1 [-]

OR cpe:2.3:o:linux:linux_kernel:2.6.16:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.10:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.11:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.12:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.13:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.14:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.15:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.16:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.17:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.18:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.19:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.20:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.21:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.22:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.17:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.17.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.17.2:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 4
kernel-0:2.6.9-42.EL cpe:/o:redhat:enterprise_linux:4 RHSA-2006:0575 2006-08-10T00:00:00Z
References
Link Providers
http://secunia.com/advisories/20917 cve-icon cve-icon
http://secunia.com/advisories/20986 cve-icon cve-icon
http://secunia.com/advisories/21179 cve-icon cve-icon
http://secunia.com/advisories/21298 cve-icon cve-icon
http://secunia.com/advisories/21465 cve-icon cve-icon
http://secunia.com/advisories/21498 cve-icon cve-icon
http://secunia.com/advisories/21614 cve-icon cve-icon
http://secunia.com/advisories/21934 cve-icon cve-icon
http://secunia.com/advisories/22417 cve-icon cve-icon
http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm cve-icon cve-icon
http://www.kb.cert.org/vuls/id/717844 cve-icon cve-icon
http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.17.y.git%3Ba=commit%3Bh=9c48e1ea8cf8800cc5e2d39ccbb8b5ff9704f8e9 cve-icon cve-icon
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.23 cve-icon cve-icon
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.3 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDKSA-2006:151 cve-icon cve-icon
http://www.novell.com/linux/security/advisories/2006_42_kernel.html cve-icon cve-icon
http://www.novell.com/linux/security/advisories/2006_47_kernel.html cve-icon cve-icon
http://www.osvdb.org/26963 cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2006-0575.html cve-icon cve-icon
http://www.securityfocus.com/archive/1/439483/100/100/threaded cve-icon cve-icon
http://www.securityfocus.com/archive/1/439610/100/100/threaded cve-icon cve-icon
http://www.securityfocus.com/bid/18755 cve-icon cve-icon
http://www.ubuntu.com/usn/usn-331-1 cve-icon cve-icon
http://www.ubuntu.com/usn/usn-346-1 cve-icon cve-icon
http://www.vupen.com/english/advisories/2006/2623 cve-icon cve-icon
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=197387 cve-icon cve-icon
https://issues.rpath.com/browse/RPL-488 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2006-2934 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10932 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2006-2934 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2006-06-30T21:00:00

Updated: 2024-08-07T18:06:27.215Z

Reserved: 2006-06-09T00:00:00

Link: CVE-2006-2934

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2006-06-30T21:05:00.000

Modified: 2024-11-21T00:12:26.220

Link: CVE-2006-2934

cve-icon Redhat

Severity : Important

Publid Date: 2006-06-30T00:00:00Z

Links: CVE-2006-2934 - Bugzilla