#VU95587 Resource management errors in Linux kernel - CVE-2006-1523

Cybersecurity Help s.r.o.

Published: 2006-04-13 | Updated: 2016-10-18

Vulnerability identifier: #VU95587

Vulnerability risk: Low

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2006-1523

CWE-ID: CWE-399

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The __group_complete_signal function in the RCU signal handling (signal.c) in Linux kernel 2.6.16, and possibly other versions, has unknown impact and attack vectors related to improper use of BUG_ON.

Mitigation
Install update from vendor's repository.

Vulnerable software versions

Linux kernel: All versions

External links
https://marc.info/?l=linux-kernel&m=114476543426600&w=2
https://secunia.com/advisories/20398
https://secunia.com/advisories/20914
https://www.debian.org/security/2006/dsa-1103
https://www.novell.com/linux/security/advisories/2006-05-31.html
https://www.securityfocus.com/bid/17640
https://www.vupen.com/english/advisories/2006/2554
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188604

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Resource management errors in Linux kernel