exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 2 of 2 RSS Feed

CVE-2006-1066

Status Candidate

Overview

Linux kernel 2.6.16-rc2 and earlier, when running on x86_64 systems with preemption enabled, allows local users to cause a denial of service (oops) via multiple ptrace tasks that perform single steps, which can cause corruption of the DEBUG_STACK stack during the do_debug function call.

Related Files

Mandriva Linux Security Advisory 2006.151
Posted Aug 28, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory MDKSA-2006-151 - A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2006-1066, CVE-2006-1863, CVE-2006-1864, CVE-2006-2934, CVE-2006-2935, CVE-2006-2936, CVE-2006-3468, CVE-2006-3745
SHA-256 | 680348d121ac7b42411ce9054f7d9429cb1c6b07902bddcdb5d5922ba71849e2
Ubuntu Security Notice 281-1
Posted May 6, 2006
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 281-1 - Multiple vulnerabilities have been discovered in the Linux 2.6 kernel. The sys_mbind() function did not properly verify the validity of the 'maxnod' argument. A local user could exploit this to trigger a buffer overflow, which caused a kernel crash. The SELinux module did not correctly handle the tracer SID when a process was already being traced. A local attacker could exploit this to cause a kernel crash. Al Viro discovered a local Denial of Service in the sysfs write buffer handling. By writing a block wit h a length exactly equal to the processor's page size to any writable file in /sys, a local attacker could cause a kernel crash. John Blackwood discovered a race condition with single-step debugging multiple processes at the same time. A local attacker could exploit this to crash the system. This only affects the amd64 platform. Marco Ivaldi discovered a flaw in the handling of the ID number of IP packets. This number was incremented after receiving unsolicited TCP SYN-ACK packets. A remote attacker could exploit this to conduct port scans with the 'Idle scan' method (nmap -sI), which bypassed intended port scan protections. Pavel Kankovsky discovered that the getsockopt() function, when called with an SO_ORIGINAL_DST argument, does not properly clear the returned structure, so that a random piece of kernel memory is exposed to the user. This could potentially reveal sensitive data like passwords or encryption keys. A buffer overflow was discovered in the USB Gadget RNDIS implementation. While creating a reply message, the driver did not allocate enough memory for the reply structure. A remote attacker could exploit this to cause a kernel crash. Alexandra Kossovsky discovered an invalid memory access in the ip_route_input() function. By using the 'ip' command in a particular way to retrieve multicast routes, a local attacker could exploit this to crash the kernel.

tags | advisory, remote, denial of service, overflow, kernel, local, tcp, vulnerability
systems | linux, ubuntu
advisories | CVE-2006-0557, CVE-2006-1052, CVE-2006-1055, CVE-2006-1066, CVE-2006-1242, CVE-2006-1343, CVE-2006-1368, CVE-2006-1525
SHA-256 | f07cfa72c65837f67fad1ccb0fdf321f1e3761c7e3af1e3608d6513ebf5ee200
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close