CVE-2005-3858HIGH
Description
Memory leak in the ip6_input_finish function in ip6_input.c in Linux kernel 2.6.12 and earlier might allow attackers to cause a denial of service via malformed IPv6 packets with unspecified parameter problems, which prevents the SKB from being freed.
References
http://lists.suse.de/archive/suse-security-announce/2006-Feb/0010.html
http://marc.info/?l=linux-kernel&m=112508479120081&w=2
http://marc.info/?l=linux-kernel&m=112533899509033&w=2
http://secunia.com/advisories/18203
http://secunia.com/advisories/18510
http://secunia.com/advisories/18562
http://secunia.com/advisories/19038
http://secunia.com/advisories/19369
http://secunia.com/advisories/19374
http://www.debian.org/security/2006/dsa-1017
http://www.debian.org/security/2006/dsa-1018
http://www.redhat.com/support/errata/RHSA-2006-0101.html
http://www.redhat.com/support/errata/RHSA-2006-0140.html
http://www.securityfocus.com/bid/16043
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9396
Details
Source: MITRE
Published: 2005-11-27
Updated: 2018-10-03
Type: NVD-CWE-Other
Risk Information
CVSS v2.0
Base Score: 7.8
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Impact Score: 6.9
Exploitability Score: 10
Severity: HIGH
Vulnerable Software
Configuration 1
OR
cpe:2.3:o:linux:linux_kernel:2.6.0:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.4:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.5:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.6:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.7:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.8:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.8.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.9:2.6.20:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.10:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.11:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.11.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.11.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.11.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.11.4:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.11.5:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.11.6:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.11.7:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.11.8:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.11.9:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.11.10:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.11.11:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 22560 | Debian DSA-1018-2 : kernel-source-2.4.27 - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 22559 | Debian DSA-1017-1 : kernel-source-2.6.8 - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
| 21977 | CentOS 4 : kernel (CESA-2006:0101) | Nessus | CentOS Local Security Checks | high |
| 21881 | CentOS 3 : kernel (CESA-2006:0140) | Nessus | CentOS Local Security Checks | high |
| 20775 | Ubuntu 4.10 / 5.04 / 5.10 : linux-source-2.6.8.1/-2.6.10/-2.6.12 vulnerabilities (USN-231-1) | Nessus | Ubuntu Local Security Checks | high |
| 20751 | RHEL 3 : kernel (RHSA-2006:0140) | Nessus | Red Hat Local Security Checks | high |
| 20732 | RHEL 4 : kernel (RHSA-2006:0101) | Nessus | Red Hat Local Security Checks | high |
| 801415 | CentOS RHSA-2006-0140 Security Check | Log Correlation Engine | Generic | high |
| 801413 | CentOS RHSA-2006-0101 Security Check | Log Correlation Engine | Generic | high |