Vulnerability CVE-2006-2272: Information

Description

Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (kernel panic) via incoming IP fragmented (1) COOKIE_ECHO and (2) HEARTBEAT SCTP control chunks.

Severity: HIGH (7.8)

URL: https://nvd.nist.gov/vuln/detail/CVE-2006-2272

Published: May 9, 2006

Modified: Nov. 7, 2023

References to Advisories, Solutions, and Tools

Hyperlink	Resource
20060508 [MU-200605-01] Multiple vulnerabilities in Linux SCTP 2.6.16	Patch
http://labs.musecurity.com/advisories/MU-200605-01.txt	Patch Vendor Advisory
19990	Patch Vendor Advisory
2006-0026
17910
20157
RHSA-2006:0493
20237
25633
DSA-1097
20671
SUSE-SA:2006:028
USN-302-1
20716
DSA-1103
20914
http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm
21745
20398
21476
MDKSA-2006:086
ADV-2006-1734
ADV-2006-2554
linux-sctp-control-chunk-dos(26431)
oval:org.mitre.oval:def:11243
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=62b08083ec3dbfd7e533c8d230dd1d8191a6e813

Affected configurations:
1. Configuration 1
  cpe:2.3:a:lksctp:stream_control_transmission_protocol:*:*:*:*:*:*:*:*
  End including
  2.6.16

Version: v24.4.2

Vulnerability CVE-2006-2272: Information

Description

References to Advisories, Solutions, and Tools

Configuration 1