Info

Disclosure

Oct 21, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Linux contains a flaw that may allow a local denial of service. The issue is due to an infinite loop error in the "udp_v6_get_port()" function in "net/ipv6/udp.c", and will result in loss of availability.

Classification

Location: Local Access Required
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Unknown
Disclosure: Vendor Verified

Solution

Upgrade to version 2.6.14-rc5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Linux

Linux Kernel

2.6.13.4

References

Secunia Advisory ID: 17261 17280 17648 17917 17918 18562 18684 19185 19369 19374 20237 21745
SCIP VulDB ID: 1833
CVE ID: 2005-2973 (see also: NVD)
Vendor Specific Advisory URL: http://lists.suse.com/archive/suse-security-announce/2005-Dec/0002.html
http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm
http://www.debian.org/security/2006/dsa-1017
http://www.smoothwall.org/updates/2.0/fixes8.html
http://www.ubuntulinux.org/usn/usn-219-1
http://www.us.debian.org/security/2006/dsa-1018
Other Advisory URL: http://lists.suse.com/archive/suse-security-announce/2005-Dec/0004.html
Mail List Post: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=87bf9c97b4b3af8dec7b2b79cdfe7bfc0a0a03b2
Vendor Specific News/Changelog Entry: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170772
RedHat RHSA: RHSA-2006:0140 RHSA-2006:0190 RHSA-2006:0493

Credit

Tetsuo Handa -

Direct URL: http://osvdb.org/20163