Info

Last Modified

6 months ago

Percent Complete

25%

Disclosure

Nov 29, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

This Entry needs help! It is only 25% Complete. Click the edit link above to add more information.

Contributing is fast and easy, and benefits the entire security community.

Description

(Description Provided by CVE) : Integer overflow in the get_fdb_entries function in net/bridge/br_ioctl.c in the Linux kernel before 2.6.18.4 allows local users to execute arbitrary code via a large maxnum value in an ioctl request.

Classification

Attack Type: Input Manipulation

Solution

Upgrade to version 2.6.18.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Unknown or Incomplete

References

FrSIRT Advisory: ADV-2006-4781
Bugtraq ID: 21353
Vendor Specific News/Changelog Entry: http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.18.4
RedHat RHSA: RHSA-2007:0014
Other Advisory URL: http://fedoranews.org/cms/node/2447
http://lists.suse.com/archive/suse-security-announce/2006-Dec/0009.html
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0004.html
http://projects.info-pull.com/mokb/MOKB-29-11-2006.html
http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm
http://www.mandriva.com/security/advisories?name=MDKSA-2007:002
http://www.mandriva.com/security/advisories?name=MDKSA-2007:012
http://www.ubuntu.com/usn/usn-395-1
http://www.us.debian.org/security/2006/dsa-1233
https://issues.rpath.com/browse/RPL-803
ISS X-Force ID: 30588
Secunia Advisory ID: 23073 23252 23370 23384 23474 23593 23752 23833 23997 24206 24547
CVE ID: 2006-5751 (see also: NVD)

Tools & Filters

Nessus	24076 24077 24315 24619 24628 27291 27293 27981 29490

Credit

Unknown or Incomplete

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches