Vulnerabilities > CVE-2005-3660 - Local Socket Buffer Memory Exhaustion Denial of Service vulnerability in Linux Kernel
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference.
Vulnerable Configurations
References
- http://secunia.com/advisories/18205
- http://securityreason.com/securityalert/291
- http://securitytracker.com/id?1015402
- http://www.idefense.com/intelligence/vulnerabilities/display.php?id=362
- http://www.securityfocus.com/bid/16041
- http://www.vupen.com/english/advisories/2005/3076
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23835