CVE-2006-5701 - Denial of Service vulnerability in Linux Kernel SquashFS Double Free
Attack vector | LOCAL |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | COMPLETE |
Summary
Double free vulnerability in squashfs module in the Linux kernel 2.6.x, as used in Fedora Core 5 and possibly other distributions, allows local users to cause a denial of service by mounting a crafted squashfs filesystem.
Vulnerable Configurations
Exploit-Db
description | Linux Kernel 2.6.x SquashFS Double Free Denial of Service Vulnerability. CVE-2006-5701. Dos exploit for linux platform |
id | EDB-ID:28895 |
last seen | 2016-02-03 |
modified | 2006-11-02 |
published | 2006-11-02 |
reporter | LMH |
source | https://www.exploit-db.com/download/28895/ |
title | Linux Kernel 2.6.x - SquashFS Double Free Denial of Service Vulnerability |
Nessus
NASL family | Mandriva Local Security Checks |
NASL id | MANDRAKE_MDKSA-2007-047.NASL |
description | Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel : A double free vulnerability in the squashfs module could allow a local user to cause a Denial of Service by mounting a crafted squashfs filesystem (CVE-2006-5701). The zlib_inflate function allows local users to cause a crash via a malformed filesystem that uses zlib compression that triggers memory corruption (CVE-2006-5823). The key serial number collision avoidance code in the key_alloc_serial function in kernels 2.6.9 up to 2.6.20 allows local users to cause a crash via vectors that trigger a null dereference (CVE-2007-0006). The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels immediately and reboot to effect the fixes. In addition to these security fixes, other fixes have been included such as : - New drivers: nozomi, UVC - Fixed SiS SATA support for chips on 966/968 bridges - Fixed issues in squashfs by updating to 3.2 (#27008) - Added support for SiS968 bridges to the sis190 bridge - Fixed JMicron cable detection - Added /proc/config.gz support and enabled kexec on x86_64 - Other minor fixes To update your kernel, please follow the directions located at : http://www.mandriva.com/en/security/kernelupdate |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24689 |
published | 2007-02-22 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24689 |
title | Mandrake Linux Security Advisory : kernel (MDKSA-2007:047) |

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-395-1.NASL |
description | Mark Dowd discovered that the netfilter iptables module did not correctly handle fragmented packets. By sending specially crafted packets, a remote attacker could exploit this to bypass firewall rules. This has only been fixed for Ubuntu 6.10; the corresponding fix for Ubuntu 5.10 and 6.06 will follow soon. (CVE-2006-4572) Dmitriy Monakhov discovered an information leak in the __block_prepare_write() function. During error recovery, this function did not properly clear memory buffers which could allow local users to read portions of unlinked files. This only affects Ubuntu 5.10. (CVE-2006-4813) ADLab Venustech Info Ltd discovered that the ATM network driver referenced an already released pointer in some circumstances. By sending specially crafted packets to a host over ATM, a remote attacker could exploit this to crash that host. This does not affect Ubuntu 6.10. (CVE-2006-4997) Matthias Andree discovered that the NFS locking management daemon (lockd) did not correctly handle mixing of |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 27981 |
published | 2007-11-10 |
reporter | Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/27981 |
title | Ubuntu 5.10 / 6.06 LTS / 6.10 : linux-source-2.6.12/-2.6.15/-2.6.17 vulnerabilities (USN-395-1) |
Statements
contributor | Joshua Bressers |
lastmodified | 2007-03-14 |
organization | Red Hat |
statement | Not Vulnerable. The squashfs module is not distributed as part of Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |
References
- http://projects.info-pull.com/mokb/MOKB-02-11-2006.html
- http://secunia.com/advisories/22655
- http://secunia.com/advisories/23361
- http://secunia.com/advisories/23384
- http://secunia.com/advisories/24259
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:047
- http://www.securityfocus.com/bid/20870
- http://www.ubuntu.com/usn/usn-395-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29967