#VU95229 Resource management errors in Linux kernel - CVE-2006-4145
Vulnerability identifier: #VU95229
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-399
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The Universal Disk Format (UDF) filesystem driver in Linux kernel 2.6.17 and earlier allows local users to cause a denial of service (hang and crash) via certain operations involving truncated files, as demonstrated via the dd command.
Mitigation
Install update from vendor's repository.
Vulnerable software versions
Linux kernel: All versions
External links
https://lkml.org/lkml/2006/6/16/6
https://secunia.com/advisories/21515
https://secunia.com/advisories/21695
https://secunia.com/advisories/21711
https://secunia.com/advisories/21934
https://secunia.com/advisories/22093
https://secunia.com/advisories/22382
https://secunia.com/advisories/23474
https://secunia.com/advisories/27227
https://secunia.com/advisories/31229
https://secunia.com/advisories/31685
https://support.avaya.com/elmodocs2/security/ASA-2008-365.htm
https://www.debian.org/security/2006/dsa-1184
https://www.mandriva.com/security/advisories?name=MDKSA-2006:182
https://www.mandriva.com/security/advisories?name=MDKSA-2007:025
https://www.novell.com/linux/security/advisories/2006_79_kernel.html
https://www.novell.com/linux/security/advisories/2007_53_kernel.html
https://www.redhat.com/support/errata/RHSA-2008-0665.html
https://www.securityfocus.com/archive/1/444887/100/0/threaded
https://www.securityfocus.com/bid/19562
https://www.ubuntu.com/usn/usn-346-1
https://www.vupen.com/english/advisories/2006/3308
https://issues.rpath.com/browse/RPL-611
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10796
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
