PT-2004-3752 · Opensuse+4
Al Viro +1 · Published 1970-01-01 · Updated 2018-10-17 · CVE-2006-6106
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Debian GNU/Linux kernel-image-2.4.27-4-itanium versions 2.4.27-4-itanium
Debian GNU/Linux kernel-image-2.4.27-4-586tsc versions 2.4.27-4-586tsc
Debian GNU/Linux kernel-image-2.4.27-4-s390 versions 2.4.27-4-s390
Debian GNU/Linux kernel-image-2.4.27-4-s390-tape versions 2.4.27-4-s390-tape
Debian GNU/Linux kernel-image-2.4.27-4-mckinley versions 2.4.27-4-mckinley
Debian GNU/Linux kernel-image-2.4.27-4-mckinley-smp versions 2.4.27-4-mckinley-smp
Debian GNU/Linux kernel-image-2.4.27-4-686 versions 2.4.27-4-686
Debian GNU/Linux kernel-image-2.4.27-4-686-smp versions 2.4.27-4-686-smp
Debian GNU/Linux kernel-image-2.4.27-4-k7 versions 2.4.27-4-k7
Debian GNU/Linux kernel-image-2.4.27-4-k7-smp versions 2.4.27-4-k7-smp
Debian GNU/Linux kernel-image-2.4.27-4-sparc64 versions 2.4.27-4-sparc64
Debian GNU/Linux kernel-image-2.4.27-4-sparc64-smp versions 2.4.27-4-sparc64-smp
Debian GNU/Linux kernel-image-2.4.27-4-sparc32 versions 2.4.27-4-sparc32
Debian GNU/Linux kernel-image-2.4.27-4-sparc32-smp versions 2.4.27-4-sparc32-smp
Debian GNU/Linux kernel-image-2.4.27-4-386 versions 2.4.27-4-386
Debian GNU/Linux kernel-image-2.4.27-4-k6 versions 2.4.27-4-k6
Debian GNU/Linux kernel-image-2.4.27-4-s390x versions 2.4.27-4-s390x
openSUSE usbvision-kmp-default versions not specified
openSUSE kernel-default-nongpl versions not specified
openSUSE kernel-bigsmp-nongpl versions not specified
openSUSE kernel-xen-nongpl versions not specified
openSUSE kernel-um-nongpl versions not specified
openSUSE kernel-smp-nongpl versions not specified
openSUSE k smp versions not specified
openSUSE k deflt versions not specified
openSUSE k itanium2-smp versions not specified
openSUSE k itanium2 versions not specified
openSUSE k athlon versions not specified
openSUSE k page-64k versions not specified
openSUSE k numa versions not specified
openSUSE k psmp versions not specified
openSUSE km nss versions not specified
SUSE Linux Enterprise k smp versions not specified
SUSE Linux Enterprise k deflt versions not specified
SUSE Linux Enterprise k athlon versions not specified
SUSE Linux Enterprise k debug versions not specified
Linux kernel versions 2.4.22 up to 2.4.33.4 and 2.6.2 before 2.6.18.6, and 2.6.19.x
Description
The issue is related to multiple vulnerabilities in various Linux kernel packages and modules, which can lead to a denial of service (crash) and potentially allow remote attackers to execute arbitrary code. The vulnerabilities can be exploited remotely. The affected packages include kernel-image, kernel-headers, pcmcia-modules, hostap-modules, and others. The vulnerabilities are related to buffer overflows in the cmtp_recv_interopmsg function in the Bluetooth driver.
Recommendations
For each affected version, update to a newer version that contains a fix for this issue.
As a temporary workaround, consider disabling the vulnerable functions or modules until a patch is available.
Restrict access to the vulnerable modules to minimize the risk of exploitation.
Avoid using the vulnerable parameters or variables in the affected API endpoints until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
Buffer Overflow
Affected products
Debian
Linux Kernel
Red Hat
Suse Linux Enterprise
Opensuse