CVE-2006-0454 - Resource Management Errors vulnerability in Linux Kernel

CVSS 5.0 - MEDIUM

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: NONE
  • Integrity impact: NONE
  • Availability impact: PARTIAL

Tags: network, low complexity, linux, CWE-399, nessus

Summary

Linux kernel versions from 2.6.12 up to, but not including, 2.6.15.3, while constructing an ICMP response in icmp_send, do not properly handle a failure of the ip_options_echo function in icmp.c, which allows remote attackers to cause a denial of service (crash) via vectors such as (1) record-route and (2) timestamp IP options with the needaddr bit set and a truncated value.

Nessus

  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-250-1.NASL
    description: Herbert Xu discovered a remote Denial of Service vulnerability in the ICMP packet handler. In some situations a memory allocation was released twice, which led to memory corruption. A remote attacker could exploit this to crash the machine. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 21059
    published: 2006-03-13
    reporter: Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/21059
    title: Ubuntu 5.10 : linux-source-2.6.12 vulnerability (USN-250-1)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2006-102.NASL
    description: This update fixes a remotely exploitable denial of service attack in the icmp networking code (CVE-2006-0454). An information leak has also been fixed (CVE-2006-0095), and some debugging patches that had accidentally been left applied in the previous update have been removed, restoring the functionality of the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20872
    published: 2006-02-10
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/20872
    title: Fedora Core 4 : kernel-2.6.15-1.1831_FC4 (2006-102)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SA_2006_006.NASL
    description: The remote host is missing the patch for the advisory SUSE-SA:2006:006 (kernel). The Linux kernel on SUSE Linux 10.0 has been updated to fix following security problems: - CVE-2006-0454: An extra dst release when ip_options_echo failed was fixed. This problem could be triggered by remote attackers and can potentially crash the machine. This is possible even with SuSEfirewall2 enabled. This affects only SUSE Linux 10.0, all other SUSE distributions are not affected. - CVE-2005-3356: A double decrement in mq_open system call could lead to local users crashing the machine. - CVE-2005-3358: A 0 argument passed to the set_mempolicy() system call could lead to a local user crashing the machine. - CVE-2005-4605: Kernel memory could be leaked to user space through a problem with seek() in /proc files. - CVE-2005-3623: Remote users could set ACLs even on read-only exported NFS Filesystems and so circumvent access control. - CVE-2005-3808: A 32 bit integer overflow on 64bit mmap calls could be used by local users to hang the machine. - CVE-2005-4635: Add sanity checks for headers and payload of netlink messages, which could be used by local attackers to crash the machine. Also various non-security bugs were fixed: - Fix up patch for cpufreq drivers that do not initialize current freq. - Handle BIOS cpufreq changes gracefully. - Updates to inotify handling. - Various XEN Updates. - Catches processor declarations with same ACPI id (P4HT) - PowerPC: g5 thermal overtemp bug on fluid cooled systems. - Fixed buffered ACPI events on a lot ASUS and some other machines. - Fix fs/exec.c:788 (de_thread()) BUG_ON (OSDL 5170).
    last seen: 2019-10-28
    modified: 2006-02-10
    plugin id: 20879
    published: 2006-02-10
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/20879
    title: SUSE-SA:2006:006: kernel
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2006-040.NASL
    description: A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel : The udp_v6_get_port function in udp.c, when running IPv6, allows local users to cause a Denial of Service (infinite loop and crash) (CVE-2005-2973). The mq_open system call in certain situations can decrement a counter twice as a result of multiple calls to the mntput function when the dentry_open function call fails, allowing a local user to cause a DoS (panic) via unspecified attack vectors (CVE-2005-3356). The procfs code allows attackers to read sensitive kernel memory via unspecified vectors in which a signed value is added to an unsigned value (CVE-2005-4605). A buffer overflow in sysctl allows local users to cause a DoS and possibly execute arbitrary code via a long string, which causes sysctl to write a zero byte outside the buffer (CVE-2005-4618). A buffer overflow in the CA-driver for TwinHan DST Frontend/Card allows local users to cause a DoS (crash) and possibly execute arbitrary code by reading more than eight bytes into an eight byte long array (CVE-2005-4639). dm-crypt does not clear a structure before it is freed, which leads to a memory disclosure that could allow local users to obtain sensitive information about a cryptographic key (CVE-2006-0095). Remote attackers can cause a DoS via unknown attack vectors related to an
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20939
    published: 2006-02-19
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/20939
    title: Mandrake Linux Security Advisory : kernel (MDKSA-2006:040)

Statements

  • contributor: Mark J Cox
    lastmodified: 2006-09-17
    organization: Red Hat
    statement: Not vulnerable. This vulnerability was introduced into the Linux kernel in version 2.6.12 and therefore does not affect users of Red Hat Enterprise Linux 2.1, 3, or 4.