CVE-2006-2446
CVSS 5.4
Published: 2006-08-15 18:04:00
Last revised: 2010-08-21 00:47:22

[Original] Race condition between the kfree_skb and __skb_unlink functions in the socket buffer handling in Linux kernel 2.6.9, and possibly other versions, allows remote attackers to cause a denial of service (crash), as demonstrated using the TCP stress tests from the LTP test suite.


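[CNNVD] Linux Kernel Unspecified Socket Buffer Handling Remote Denial of Service Vulnerability (CNNVD-200608-245)

A race condition exists between the kfree_skb and __skb_unlink functions in the socket buffer handling of Linux kernel 2.6.9, and possibly other versions; remote attackers can trigger a denial of service (crash), for example by running the TCP stress tests from the LTP test suite.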

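- CVSS (base score)

CVSS score: 5.4 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: COMPLETE [may cause a total shutdown of the system]
Attack complexity: HIGH [specialized access conditions exist for exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)

Product and version information (CPE) is not currently available

- OVAL (technical details for detection)

oval:org.mitre.oval:def:9117 Race condition between the kfree_skb and __skb_unlink functions in the socket buffer handling in Linux kernel 2.6.9, and possibly other vers...
*OVAL describes in detail how to detect this vulnerability; more technical detail on detection can be found in the related OVAL definitions.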

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2446
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2446
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200608-245
(Official data source) CNNVD

- Other links and resources

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192779
(PATCH)  MISC  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192779
http://www.redhat.com/support/errata/RHSA-2006-0575.html
(PATCH)  REDHAT  RHSA-2006:0575
http://www.securityfocus.com/bid/19475
(UNKNOWN)  BID  19475
http://www.mandriva.com/security/advisories?name=MDKSA-2007:025
(UNKNOWN)  MANDRIVA  MDKSA-2007:025
http://www.debian.org/security/2006/dsa-1184
(UNKNOWN)  DEBIAN  DSA-1184
http://www.debian.org/security/2006/dsa-1183
(UNKNOWN)  DEBIAN  DSA-1183
http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm
(UNKNOWN)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm
http://secunia.com/advisories/22417
(UNKNOWN)  SECUNIA  22417
http://secunia.com/advisories/22093
(UNKNOWN)  SECUNIA  22093
http://secunia.com/advisories/22082
(UNKNOWN)  SECUNIA  22082
http://secunia.com/advisories/21465
(UNKNOWN)  SECUNIA  21465

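- Vulnerability information

Linux Kernel Unspecified Socket Buffer Handling Remote Denial of Service Vulnerability
Medium risk  Insufficient information
2006-08-15 00:00:00 2006-08-15 00:00:00
Remote
A race condition exists between the kfree_skb and __skb_unlink functions in the socket buffer handling of Linux kernel 2.6.9, and possibly other versions; remote attackers can trigger a denial of service (crash), for example by running the TCP stress tests from the LTP test suite.

- Advisories and patches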

        
        
        Linux kernel 2.6.10
        
        
        Linux kernel 2.6.3
        

- Vulnerability information (F53890)

Mandriva Linux Security Advisory 2007.025 (PacketStormID:F53890)
2007-01-24 00:00:00
Mandriva  mandriva.com
advisory,kernel,vulnerability
linux,mandriva
CVE-2005-3272,CVE-2006-0741,CVE-2006-2446,CVE-2006-3741,CVE-2006-4145,CVE-2006-4535,CVE-2006-4813,CVE-2006-4997,CVE-2006-5619,CVE-2006-5749,CVE-2006-5754,CVE-2006-6106

Mandriva Linux Security Advisory - A slew of vulnerabilities were discovered and corrected in the Linux 2.6 kernel.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:025
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : kernel
 Date    : January 23, 2007
 Affected: Corporate 3.0, Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 Some vulnerabilities were discovered and corrected in the Linux 2.6
 kernel:

 The 2.6 kernel prior to 2.6.12 allows remote attackers to poison the
 bridge forwarding table using frames that have already been dropped by
 filtering, which can cause the bridge to forward spoofed packets
 (CVE-2005-3272).

 Prior to 2.6.15.5, the kernel allows local users to cause a DoS
 ("endless recursive fault") via unknown attack vectors related to a
 "bad elf entry address" on Intel processors (CVE-2006-0741).

 A race condition in the socket buffer handling in the 2.6.9 kernel and
 earlier versions could allow a remote attacker to cause a DoS (crash)
 (CVE-2006-2446).

 Stephane Eranian discovered an issue with perfmon2.0 where, under
 certain circumstances, the perfmonctl() system call may not correctly
 manage the file descriptor reference count, resulting in the system
 possibly running out of file structure (CVE-2006-3741).

 Prior to and including 2.6.17, the Universal Disk Format (UDF)
 filesystem driver allowed local users to cause a DoS (hang and crash)
 via certain operations involving truncated files (CVE-2006-4145).

 Various versions of the Linux kernel allowed local users to cause a DoS
 (crash) via an SCTP socket with a certain SO_LINGER value, which is
 possibly related to the patch used to correct CVE-2006-3745
 (CVE-2006-4535).

 The __block_prepare_write function in the 2.6 kernel before 2.6.13 does
 not properly clear buffers during certain error conditions, which
 allows users to read portions of files that have been unlinked
 (CVE-2006-4813).

 The clip_mkip function of the ATM subsystem in the 2.6 kernel allows
 remote attackers to cause a DoS (panic) via unknown vectors that cause
 the ATM subsystem to access the memory of socket buffers after they are
 freed (CVE-2006-4997).

 The seqfile handling in the 2.6 kernel up to 2.6.18 allows local users
 to cause a DoS (hang or oops) via unspecified manipulations that
 trigger an infinite loop while searching for flowlabels
 (CVE-2006-5619).

 A missing call to init_timer() in the isdn_ppp code of the Linux kernel
 can allow remote attackers to send a special kind of PPP packet which
 may trigger a kernel oops (CVE-2006-5749).

 The aio_setup_ring() function initializes a variable incorrectly which
 can be used in error path to free allocated resources which could allow
 a local user to crash the node (CVE-2006-5754).

 A vulnerability in the bluetooth support could allow for overwriting
 internal CMTP and CAPI data structures via malformed packets
 (CVE-2006-6106).

 The provided packages are patched to fix these vulnerabilities.  All
 users are encouraged to upgrade to these updated kernels immediately
 and reboot to effect the fixes.

 To update your kernel, please follow the directions located at:

 http://www.mandriva.com/en/security/kernelupdate
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3272
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0741
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2446
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3741
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4145
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4535
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4813
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4997
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5619
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5749
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5754
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6106
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFtjLVmqjQ0CJFipgRAh4NAJ9mBphKCqAcJJxFx+Pu93PWLFj2QgCfTU9W
Pjt+NcjswOJYQvr5JIMDWzg=
=Vm8v
-----END PGP SIGNATURE-----

    

- Vulnerability information

28551
Linux Kernel kfree_skb / __skb_unlink Function Race Condition DoS
Denial of Service
Loss of Availability
Vendor Verified

- Vulnerability description

Unknown or Incomplete

- Timeline

2006-05-22 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- References

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Linux Kernel Unspecified Socket Buffer Handling Remote Denial of Service Vulnerability
Unknown 19475
Yes No
2006-08-10 12:00:00 2007-01-29 11:30:00
The original discoverer of this issue is currently unknown. This issue was disclosed in the referenced Red Hat advisory.

- Affected software versions

RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Desktop 4.0
Red Hat Enterprise Linux AS 4
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
Linux kernel 2.6.17 .8
Linux kernel 2.6.17 .7
Linux kernel 2.6.17 .6
Linux kernel 2.6.17 .5
Linux kernel 2.6.17 .4
Linux kernel 2.6.17 .3
Linux kernel 2.6.17 .1
Linux kernel 2.6.17 -rc5
Linux kernel 2.6.17
Linux kernel 2.6.16 27
Linux kernel 2.6.16 13
Linux kernel 2.6.16 .9
Linux kernel 2.6.16 .8
Linux kernel 2.6.16 .7
Linux kernel 2.6.16 .5
Linux kernel 2.6.16 .4
Linux kernel 2.6.16 .3
Linux kernel 2.6.16 .23
Linux kernel 2.6.16 .21
Linux kernel 2.6.16 .2
Linux kernel 2.6.16 .19
Linux kernel 2.6.16 .18
Linux kernel 2.6.16 .17
Linux kernel 2.6.16 .16
Linux kernel 2.6.16 .12
Linux kernel 2.6.16 .11
Linux kernel 2.6.16 .1
Linux kernel 2.6.16 -rc1
Linux kernel 2.6.16
Linux kernel 2.6.15 .6
Linux kernel 2.6.15 .4
Linux kernel 2.6.15 .3
Linux kernel 2.6.15 .2
Linux kernel 2.6.15 .1
Linux kernel 2.6.15 -rc6
Linux kernel 2.6.15 -rc5
Linux kernel 2.6.15 -rc4
Linux kernel 2.6.15 -rc3
Linux kernel 2.6.15 -rc2
Linux kernel 2.6.15 -rc1
Linux kernel 2.6.15
Linux kernel 2.6.14 .5
Linux kernel 2.6.14 .4
Linux kernel 2.6.14 .3
Linux kernel 2.6.14 .2
Linux kernel 2.6.14 .1
Linux kernel 2.6.14 -rc4
Linux kernel 2.6.14 -rc3
Linux kernel 2.6.14 -rc2
Linux kernel 2.6.14 -rc1
Linux kernel 2.6.14
Linux kernel 2.6.13 .4
Linux kernel 2.6.13 .3
Linux kernel 2.6.13 .2
Linux kernel 2.6.13 .1
Linux kernel 2.6.13 -rc7
Linux kernel 2.6.13 -rc6
Linux kernel 2.6.13 -rc4
Linux kernel 2.6.13 -rc1
Linux kernel 2.6.13
Linux kernel 2.6.12 .6
Linux kernel 2.6.12 .5
Linux kernel 2.6.12 .4
Linux kernel 2.6.12 .3
Linux kernel 2.6.12 .2
Linux kernel 2.6.12 .1
Linux kernel 2.6.12 -rc5
Linux kernel 2.6.12 -rc4
Linux kernel 2.6.12 -rc1
Linux kernel 2.6.12
Linux kernel 2.6.11 .8
Linux kernel 2.6.11 .7
Linux kernel 2.6.11 .6
Linux kernel 2.6.11 .5
Linux kernel 2.6.11 .12
Linux kernel 2.6.11 .11
Linux kernel 2.6.11 -rc4
Linux kernel 2.6.11 -rc3
Linux kernel 2.6.11 -rc2
Linux kernel 2.6.11
+ Red Hat Fedora Core4
Linux kernel 2.6.10 rc2
Linux kernel 2.6.10
+ Red Hat Fedora Core3
+ Red Hat Fedora Core2
+ Trustix Secure Linux 3.0
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
Linux kernel 2.6.9
Linux kernel 2.6.8 rc3
Linux kernel 2.6.8 rc2
Linux kernel 2.6.8 rc1
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Linux kernel 2.6.8
Linux kernel 2.6.7 rc1
Linux kernel 2.6.7
Linux kernel 2.6.6 rc1
Linux kernel 2.6.6
Linux kernel 2.6.5
Linux kernel 2.6.4
Linux kernel 2.6.3
Linux kernel 2.6.2
Linux kernel 2.6.1 -rc2
Linux kernel 2.6.1 -rc1
Linux kernel 2.6.1
Linux kernel 2.6 .10
Linux kernel 2.6 -test9-CVS
Linux kernel 2.6 -test9
Linux kernel 2.6 -test8
Linux kernel 2.6 -test7
Linux kernel 2.6 -test6
Linux kernel 2.6 -test5
Linux kernel 2.6 -test4
Linux kernel 2.6 -test3
Linux kernel 2.6 -test2
Linux kernel 2.6 -test11
Linux kernel 2.6 -test10
Linux kernel 2.6 -test1
Linux kernel 2.6
Linux kernel 2.6.15.5
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Avaya S8710 R2.0.1
Avaya S8710 R2.0.0
Avaya S8710 CM 3.1
Avaya S8700 R2.0.1
Avaya S8700 R2.0.0
Avaya S8700 CM 3.1
Avaya S8500 R2.0.1
Avaya S8500 R2.0.0
Avaya S8500 CM 3.1
Avaya S8500 0
Avaya S8300 R2.0.1
Avaya S8300 R2.0.0
Avaya S8300 CM 3.1
Avaya S8300 0
Avaya Messaging Storage Server MM3.0
Avaya Converged Communications Server 2.0

- Discussion

The Linux kernel is prone to an unspecified remote denial-of-service vulnerability.

This issue allows remote attackers to cause kernel panics, denying service to legitimate users.

No further information is currently available. This BID will be updated as more information is released.

Specific version information is currently unavailable. Kernel versions in the 2.6 series are currently considered vulnerable.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Please see the referenced advisories for more information.


Linux kernel 2.6.10

Linux kernel 2.6.3

- References
