| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2006-6106 |
119 |
|
DoS Exec Code Overflow |
2006-12-19 |
2012-03-19 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple buffer overflows in the cmtp_recv_interopmsg function in the Bluetooth driver (net/bluetooth/cmtp/capi.c) in the Linux kernel 2.4.22 up to 2.4.33.4 and 2.6.2 before 2.6.18.6, and 2.6.19.x, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via CAPI messages with a large value for the length of the (1) manu (manufacturer) or (2) serial (serial number) field. |
|
2 |
CVE-2006-5823 |
|
|
DoS Mem. Corr. |
2006-11-09 |
2010-09-15 |
4.0 |
None |
Local |
High |
Not required |
None |
None |
Complete |
|
The zlib_inflate function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via a malformed filesystem that uses zlib compression that triggers memory corruption, as demonstrated using cramfs. |
|
3 |
CVE-2006-5751 |
|
|
Exec Code Overflow |
2006-12-01 |
2010-09-15 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in the get_fdb_entries function in net/bridge/br_ioctl.c in the Linux kernel before 2.6.18.4 allows local users to execute arbitrary code via a large maxnum value in an ioctl request. |
|
4 |
CVE-2006-5619 |
399 |
|
DoS |
2006-10-31 |
2012-03-19 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The seqfile handling (ip6fl_get_n function in ip6_flowlabel.c) in Linux kernel 2.6 up to 2.6.18-stable allows local users to cause a denial of service (hang or oops) via unspecified manipulations that trigger an infinite loop while searching for flowlabels. |
|
5 |
CVE-2006-5174 |
|
|
|
2006-10-10 |
2010-08-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The copy_from_user function in the uaccess code in Linux kernel 2.6 before 2.6.19-rc1, when running on s390, does not properly clear a kernel buffer, which allows local user space programs to read portions of kernel memory by "appending to a file from a bad address," which triggers a fault that prevents the unused memory from being cleared in the kernel buffer. |
|
6 |
CVE-2006-5173 |
|
|
DoS |
2006-10-17 |
2008-11-15 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Linux kernel does not properly save or restore EFLAGS during a context switch, or reset the flags when creating new threads, which allows local users to cause a denial of service (process crash), as demonstrated using a process that sets the Alignment Check flag (EFLAGS 0x40000), which triggers a SIGBUS in other processes that have an unaligned access. |
|
7 |
CVE-2006-4997 |
|
|
DoS |
2006-10-10 |
2010-09-15 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed pointer dereference). |
|
8 |
CVE-2006-4813 |
|
|
|
2006-10-12 |
2010-09-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The __block_prepare_write function in fs/buffer.c for Linux kernel 2.6.x before 2.6.13 does not properly clear buffers during certain error conditions, which allows local users to read portions of files that have been unlinked. |
|
9 |
CVE-2006-4572 |
264 |
|
Bypass |
2006-11-06 |
2012-03-19 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows remote attackers to (1) bypass a rule that disallows a protocol, via a packet with the protocol header not located immediately after the fragment header, aka "ip6_tables protocol bypass bug;" and (2) bypass a rule that looks for a certain extension header, via a packet with an extension header outside the first fragment, aka "ip6_tables extension header bypass bug." |
|
10 |
CVE-2006-4538 |
|
|
DoS |
2006-09-05 |
2010-09-15 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Linux kernel 2.6.17 and earlier, when running on IA64 or SPARC platforms, allows local users to cause a denial of service (crash) via a malformed ELF file that triggers memory maps that cross region boundaries. |
|
11 |
CVE-2006-3741 |
|
|
DoS |
2006-10-10 |
2010-09-15 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The perfmonctl system call (sys_perfmonctl) in Linux kernel 2.4.x and 2.6 before 2.6.18, when running on Itanium systems, does not properly track the reference count for file descriptors, which allows local users to cause a denial of service (file descriptor consumption). |
|
12 |
CVE-2006-3468 |
|
|
DoS |
2006-07-21 |
2010-08-21 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Linux kernel 2.6.x, when using both NFS and EXT3, allows remote attackers to cause a denial of service (file system panic) via a crafted UDP packet with a V2 lookup procedure that specifies a bad file handle (inode number), which triggers an error and causes an exported directory to be remounted read-only. |
|
13 |
CVE-2006-3085 |
|
|
DoS |
2006-06-23 |
2010-09-15 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
xt_sctp in netfilter for Linux kernel before 2.6.17.1 allows attackers to cause a denial of service (infinite loop) via an SCTP chunk with a 0 length. |
|
14 |
CVE-2006-2936 |
399 |
|
DoS |
2006-07-10 |
2012-03-19 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to 2.6.17, and possibly later versions, allows local users to cause a denial of service (memory consumption) by writing more data to the serial port than the hardware can handle, which causes the data to be queued. |
|
15 |
CVE-2006-2935 |
|
|
Exec Code Overflow |
2006-07-05 |
2010-08-21 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The dvd_read_bca function in the DVD handling code in drivers/cdrom/cdrom.c in Linux kernel 2.2.16, and later versions, assigns the wrong value to a length variable, which allows local users to execute arbitrary code via a crafted USB Storage device that triggers a buffer overflow. |
|
16 |
CVE-2006-2448 |
|
|
DoS |
2006-06-23 |
2010-08-21 |
5.6 |
None |
Local |
High |
Not required |
Complete |
None |
Complete |
|
Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, does not perform certain required access_ok checks, which allows local users to read arbitrary kernel memory on 64-bit systems (signal_64.c) and cause a denial of service (crash) and possibly read kernel memory on 32-bit systems (signal_32.c). |
|
17 |
CVE-2006-2445 |
|
|
DoS |
2006-06-23 |
2010-04-02 |
4.0 |
None |
Local |
High |
Not required |
None |
None |
Complete |
|
Race condition in run_posix_cpu_timers in Linux kernel before 2.6.16.21 allows local users to cause a denial of service (BUG_ON crash) by causing one CPU to attach a timer to a process that is exiting. |
|
18 |
CVE-2006-2444 |
|
|
DoS |
2006-05-25 |
2010-08-21 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The snmp_trap_decode function in the SNMP NAT helper for Linux kernel before 2.6.16.18 allows remote attackers to cause a denial of service (crash) via unspecified remote attack vectors that cause failures in snmp_trap_decode that trigger (1) frees of random memory or (2) frees of previously-freed memory (double-free) by snmp_trap_decode as well as its calling function, as demonstrated via certain test cases of the PROTOS SNMP test suite. |
|
19 |
CVE-2006-1858 |
20 |
|
DoS Exec Code |
2006-05-22 |
2010-08-21 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a chunk length that is inconsistent with the actual length of provided parameters. |
|
20 |
CVE-2006-1857 |
119 |
|
DoS Exec Code Overflow |
2006-05-22 |
2010-08-21 |
9.0 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Complete |
|
Buffer overflow in SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malformed HB-ACK chunk. |
|
21 |
CVE-2006-1528 |
20 |
|
DoS |
2006-05-18 |
2010-08-21 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Linux kernel before 2.6.13 allows local users to cause a denial of service (crash) via a dio transfer from the sg driver to memory mapped (mmap) IO space. |
|
22 |
CVE-2006-1525 |
399 |
|
DoS |
2006-04-19 |
2012-03-19 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
ip_route_input in Linux kernel 2.6 before 2.6.16.8 allows local users to cause a denial of service (panic) via a request for a route for a multicast IP address, which triggers a null dereference. |
|
23 |
CVE-2006-1056 |
310 |
|
+Info |
2006-04-20 |
2012-03-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the state of floating point instructions of other processes, which can be leveraged to obtain sensitive information such as cryptographic keys. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processers in a security-relevant fashion that was not addressed by the kernels. |
|
24 |
CVE-2006-1052 |
|
|
|
2006-05-05 |
2010-08-21 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The selinux_ptrace logic in hooks.c in SELinux for Linux 2.6.6 allows local users with ptrace permissions to change the tracer SID to an SID of another process. |
|
25 |
CVE-2006-0744 |
20 |
|
|
2006-04-18 |
2010-08-21 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Linux kernel before 2.6.16.5 does not properly handle uncanonical return addresses on Intel EM64T CPUs, which reports an exception in the SYSRET instead of the next instruction, which causes the kernel exception handler to run on the user stack with the wrong GS. |
|
26 |
CVE-2006-0557 |
|
|
|
2006-03-12 |
2012-03-19 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
sys_mbind in mempolicy.c in Linux kernel 2.6.16 and earlier does not sanity check the maxnod variable before making certain computations for the get_nodes function, which has unknown impact and attack vectors. |
|
27 |
CVE-2006-0456 |
|
|
DoS |
2006-06-27 |
2010-08-21 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The strnlen_user function in Linux kernel before 2.6.16 on IBM S/390 can return an incorrect value, which allows local users to cause a denial of service via unknown vectors. |
