Improper input validation in Linux kernel - CVE-2006-0742

 

Published: March 9, 2006 / Updated: October 3, 2018


Vulnerability identifier: #VU95592
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2006-0742
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software: Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The die_if_kernel function in arch/ia64/kernel/unaligned.c in the Linux kernel 2.6.x before 2.6.15.6, possibly when compiled with certain versions of gcc, has the 'noreturn' attribute set, which allows local users to cause a denial of service by causing user faults on Itanium systems. This vulnerability affects all versions of the Linux kernel 2.6.x before 2.6.15.6 and may be exclusive to Itanium systems.


How to mitigate CVE-2006-0742

Install the update from the vendor's repository.
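
To decide whether a host needs the update, the following added example (not part of the original advisory) classifies a kernel release and machine string against the range stated above, 2.6.x before 2.6.15.6 on Itanium. The function name and result strings are assumptions of this example. Distribution kernels can carry a backported fix under an unchanged upstream version number, so treat the result as a first filter and confirm against the vendor's advisory.

```shell
#!/bin/sh
# Added example: compare a kernel against the affected range in this advisory.
# Function name and result strings are this example's own (hypothetical).
#
# usage: cve_2006_0742_status <kernel-release> <machine>
#   e.g. cve_2006_0742_status "$(uname -r)" "$(uname -m)"
cve_2006_0742_status() {
    rel=$1
    arch=$2

    # The flawed function is in arch/ia64/kernel/unaligned.c (Itanium only).
    if [ "$arch" != "ia64" ]; then
        echo "not-ia64"
        return 0
    fi

    # Keep the leading numeric part: "2.6.15-1-mckinley" -> "2.6.15".
    base=${rel%%[!0-9.]*}
    old_ifs=$IFS
    IFS=.
    set -- $base
    IFS=$old_ifs
    major=${1:-}; minor=${2:-}; patch=${3:-0}; sub=${4:-0}

    # A release string with no usable major.minor cannot be classified.
    if [ -z "$major" ] || [ -z "$minor" ]; then
        echo "unknown"
        return 0
    fi

    if [ "$major" -ne 2 ] || [ "$minor" -ne 6 ]; then
        echo "outside-2.6"
    elif [ "$patch" -lt 15 ] || { [ "$patch" -eq 15 ] && [ "$sub" -lt 6 ]; }; then
        # Upstream version is below 2.6.15.6; a distro backport may still apply.
        echo "in-affected-range"
    else
        echo "at-or-after-2.6.15.6"
    fi
}
```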
