CVE-2006-2274 - OpenCVE

Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (infinite recursion and crash) via a packet that contains two or more DATA fragments, which causes an skb pointer to refer back to itself when the full message is reassembled, leading to infinite recursion in the sctp_skb_pull function.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Lksctp	Stream Control Transmission Protocol

Configuration 1 [-]

cpe:2.3:a:lksctp:stream_control_transmission_protocol:2.6.17:*:*:*:*:*:*:*

References

Link	Resource
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=672e7cca17ed6036a1756ed34cf20dbd72d5e5f6
http://secunia.com/advisories/20237
http://secunia.com/advisories/20398
http://secunia.com/advisories/20671
http://secunia.com/advisories/20716
http://secunia.com/advisories/20914
http://secunia.com/advisories/21045
http://secunia.com/advisories/21476
http://secunia.com/advisories/21745
http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm
http://www.debian.org/security/2006/dsa-1097
http://www.debian.org/security/2006/dsa-1103
http://www.mandriva.com/security/advisories?name=MDKSA-2006:123
http://www.mandriva.com/security/advisories?name=MDKSA-2006:150
http://www.novell.com/linux/security/advisories/2006-05-31.html
http://www.osvdb.org/25746
http://www.redhat.com/support/errata/RHSA-2006-0493.html
http://www.securityfocus.com/bid/17955
http://www.trustix.org/errata/2006/0026
http://www.ubuntu.com/usn/usn-302-1
http://www.vupen.com/english/advisories/2006/2554
https://exchange.xforce.ibmcloud.com/vulnerabilities/26432
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9531

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-05-09T20:00:00

Updated: 2017-10-10T00:57:01

Reserved: 2006-05-09T00:00:00

Link: CVE-2006-2274

JSON object: View

NVD Information

Status : Modified

Published: 2006-05-09T20:02:00.000

Modified: 2023-11-07T01:58:46.930

Link: CVE-2006-2274

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-05-06T00:00:00", "descriptions": [{"lang": "en", "value": "Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (infinite recursion and crash) via a packet that contains two or more DATA fragments, which causes an skb pointer to refer back to itself when the full message is reassembled, leading to infinite recursion in the sctp_skb_pull function."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm"}, {"name": "RHSA-2006:0493", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2006-0493.html"}, {"name": "ADV-2006-2554", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2554"}, {"name": "17955", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17955"}, {"name": "20716", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20716"}, {"name": "21476", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21476"}, {"name": "21745", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21745"}, {"name": "MDKSA-2006:150", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:150"}, {"name": "USN-302-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-302-1"}, {"name": "MDKSA-2006:123", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:123"}, {"name": "DSA-1097", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2006/dsa-1097"}, {"name": "SUSE-SA:2006:028", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2006-05-31.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=672e7cca17ed6036a1756ed34cf20dbd72d5e5f6"}, {"name": "2006-0026", "tags": ["vendor-advisory", "x_refsource_TRUSTIX"], "url": "http://www.trustix.org/errata/2006/0026"}, {"name": "DSA-1103", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2006/dsa-1103"}, {"name": "linux-sctp-skb-pull-dos(26432)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26432"}, {"name": "21045", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21045"}, {"name": "20237", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20237"}, {"name": "20398", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20398"}, {"name": "25746", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/25746"}, {"name": "oval:org.mitre.oval:def:9531", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9531"}, {"name": "20671", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20671"}, {"name": "20914", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20914"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2274", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (infinite recursion and crash) via a packet that contains two or more DATA fragments, which causes an skb pointer to refer back to itself when the full message is reassembled, leading to infinite recursion in the sctp_skb_pull function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm"}, {"name": "RHSA-2006:0493", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2006-0493.html"}, {"name": "ADV-2006-2554", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2554"}, {"name": "17955", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17955"}, {"name": "20716", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20716"}, {"name": "21476", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21476"}, {"name": "21745", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21745"}, {"name": "MDKSA-2006:150", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:150"}, {"name": "USN-302-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-302-1"}, {"name": "MDKSA-2006:123", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:123"}, {"name": "DSA-1097", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1097"}, {"name": "SUSE-SA:2006:028", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2006-05-31.html"}, {"name": "http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=672e7cca17ed6036a1756ed34cf20dbd72d5e5f6", "refsource": "CONFIRM", "url": "http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=672e7cca17ed6036a1756ed34cf20dbd72d5e5f6"}, {"name": "2006-0026", "refsource": "TRUSTIX", "url": "http://www.trustix.org/errata/2006/0026"}, {"name": "DSA-1103", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1103"}, {"name": "linux-sctp-skb-pull-dos(26432)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26432"}, {"name": "21045", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21045"}, {"name": "20237", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20237"}, {"name": "20398", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20398"}, {"name": "25746", "refsource": "OSVDB", "url": "http://www.osvdb.org/25746"}, {"name": "oval:org.mitre.oval:def:9531", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9531"}, {"name": "20671", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20671"}, {"name": "20914", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20914"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2274", "datePublished": "2006-05-09T20:00:00", "dateReserved": "2006-05-09T00:00:00", "dateUpdated": "2017-10-10T00:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lksctp:stream_control_transmission_protocol:2.6.17:*:*:*:*:*:*:*", "matchCriteriaId": "1D74A43C-4D2F-482A-B786-DCFA580C1770", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (infinite recursion and crash) via a packet that contains two or more DATA fragments, which causes an skb pointer to refer back to itself when the full message is reassembled, leading to infinite recursion in the sctp_skb_pull function."}], "id": "CVE-2006-2274", "lastModified": "2023-11-07T01:58:46.930", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-05-09T20:02:00.000", "references": [{"source": "cve@mitre.org", "url": "http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=672e7cca17ed6036a1756ed34cf20dbd72d5e5f6"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/20237"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/20398"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/20671"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/20716"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/20914"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/21045"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/21476"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/21745"}, {"source": "cve@mitre.org", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1097"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1103"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:123"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:150"}, {"source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2006-05-31.html"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/25746"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2006-0493.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17955"}, {"source": "cve@mitre.org", "url": "http://www.trustix.org/errata/2006/0026"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-302-1"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2554"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26432"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9531"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}