Vulnerabilities > CVE-2006-5396 - Local Denial of Service vulnerability in SUN Solaris 10.0

047910
CVSS 4.9 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
local
low complexity
sun
nessus

Summary

The tcp_fuse_rcv_drain function in the Sun Solaris 10 kernel before 20061017, when TCP Fusion is enabled, allows local users to cause a denial of service (system crash) via a TCP loopback connection with both endpoints on the same system.

Vulnerable Configurations

Part Description Count
OS
Sun
1

Nessus

  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_118855.NASL
    descriptionSunOS 5.10_x86: kernel patch. Date this patch was last updated by Sun : Jan/29/07 This plugin has been deprecated and either replaced with individual 118855 patch-revision plugins, or deemed non-security related.
    last seen2019-02-21
    modified2018-07-30
    plugin id22154
    published2006-08-04
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=22154
    titleSolaris 10 (x86) : 118855-36 (deprecated)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_118833.NASL
    descriptionSunOS 5.10: kernel patch. Date this patch was last updated by Sun : Jan/29/07 This plugin has been deprecated and either replaced with individual 118833 patch-revision plugins, or deemed non-security related.
    last seen2019-02-21
    modified2018-07-30
    plugin id21792
    published2006-07-03
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=21792
    titleSolaris 10 (sparc) : 118833-36 (deprecated)

Oval

accepted2007-09-27T08:57:45.983-04:00
classvulnerability
contributors
namePai Peng
organizationOpsware, Inc.
definition_extensions
  • commentSolaris 10 (SPARC) is installed
    ovaloval:org.mitre.oval:def:1440
  • commentSolaris 10 (x86) is installed
    ovaloval:org.mitre.oval:def:1926
descriptionThe tcp_fuse_rcv_drain function in the Sun Solaris 10 kernel before 20061017, when TCP Fusion is enabled, allows local users to cause a denial of service (system crash) via a TCP loopback connection with both endpoints on the same system.
familyunix
idoval:org.mitre.oval:def:2199
statusaccepted
submitted2007-08-10T12:25:23.000-04:00
titleSecurity Vulnerability in the Solaris 10 TCP Fusion Code May Lead to a System Panic, Resulting in a Denial of Service (DoS)
version35