OS-LINUX kernel SCTP chunkless packet denial of service attempt
SCTP conntrack (ipconntrackproto_sctp.c) in netfilter for Linux kernel 2.6.17 before 2.6.17.3 and 2.6.16 before 2.6.16.23 allows remote attackers to cause a denial of service (crash) via a packet without any chunks, which causes a variable to contain an invalid value that is later used to dereference a pointer.
CVSS base score 5.0 CVSS impact score 2.9 CVSS exploitability score 10.0 confidentialityImpact NONE integrityImpact NONE availabilityImpact NONE
CVE-2006-2934:
CVSS base score 5.0
CVSS impact score 2.9
CVSS exploitability score 10.0
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
CVE-2006-2934: SCTP conntrack (ipconntrackproto_sctp.c) in netfilter for Linux kernel 2.6.17 before 2.6.17.3 and 2.6.16 before 2.6.16.23 allows remote attackers to cause a denial of service (crash) via a packet without any chunks, which causes a variable to contain an invalid value that is later used to dereference a pointer.
CVE-2006-2934:
Access Vector NETWORK
Access Complexity LOW
Authentication NONE
None known
None known
Upgrade to the latest non-affected version of the software.
Apply the appropriate vendor supplied patches.
©2020 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
Privacy Policy | Snort License | FAQ | Sitemap
