PT-2005-1047 · Linux+1 · Linux Kernel+1

Wei Wang · Published 2005-12-31 · Updated 2018-10-17 · CVE-2006-3745

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions 2.4.23 through 2.4.33
Linux kernel versions 2.6.x before 2.6.17.10

Description

The issue affects the Linux kernel, specifically the SCTP implementation, and can be exploited to cause a denial of service or potentially gain root privileges. The sctp_make_abort_user function is vulnerable, allowing local users to launch an attack. The estimated number of potentially affected devices is not specified.

Recommendations

For Linux kernel versions 2.4.23 through 2.4.33, consider upgrading to a version outside of this range to mitigate the risk. For Linux kernel versions 2.6.x before 2.6.17.10, upgrade to version 2.6.17.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the sctp_make_abort_user function to minimize the risk of exploitation.

Fix

Related Identifiers

BDU:2015-03499
CVE-2006-3745
DSA-1183-1
DSA-1184-2
RHSA-2006:0617
RHSA-2006_0617

Affected Products

Linux Kernel
Red Hat