Launchpad.net

CVE 2006-2272

Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (kernel panic) via incoming IP fragmented (1) COOKIE_ECHO and (2) HEARTBEAT SCTP control chunks.

Related bugs and status

CVE-2006-2272 (Candidate) is related to these bugs:

Bug #41284: Don't allow a backslash in a path component (CVE-2006-1863)

Summary				In	Importance	Status
	41284	Don't allow a backslash in a path component (CVE-2006-1863)		linux-source-2.6.15 (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

FULLDISC: 20060508 [MU-200605-01...
MISC: http://labs.musecurity...
CONFIRM: http://git.kernel.org/...
SECUNIA: 19990
TRUSTIX: 2006-0026
BID: 17910
SECUNIA: 20157
REDHAT: RHSA-2006:0493
SECUNIA: 20237
OSVDB: 25633
DEBIAN: DSA-1097
SECUNIA: 20671
SUSE: SUSE-SA:2006:028
UBUNTU: USN-302-1
SECUNIA: 20716
DEBIAN: DSA-1103
SECUNIA: 20914
CONFIRM: http://support.avaya.c...
SECUNIA: 21745
SECUNIA: 20398
SECUNIA: 21476
MANDRIVA: MDKSA-2006:086
VUPEN: ADV-2006-1734
VUPEN: ADV-2006-2554
XF: linux-sctp-control-chu...
OVAL: oval:org.mitre.oval:de...