Launchpad.net

CVE 2006-2274

Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (infinite recursion and crash) via a packet that contains two or more DATA fragments, which causes an skb pointer to refer back to itself when the full message is reassembled, leading to infinite recursion in the sctp_skb_pull function.

Related bugs and status

CVE-2006-2274 (Candidate) is related to these bugs:

Bug #41284: Don't allow a backslash in a path component (CVE-2006-1863)

Summary				In	Importance	Status
	41284	Don't allow a backslash in a path component (CVE-2006-1863)		linux-source-2.6.15 (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://git.kernel.org/...
TRUSTIX: 2006-0026
BID: 17955
REDHAT: RHSA-2006:0493
SECUNIA: 20237
DEBIAN: DSA-1097
SECUNIA: 20671
SUSE: SUSE-SA:2006:028
UBUNTU: USN-302-1
SECUNIA: 20716
DEBIAN: DSA-1103
SECUNIA: 20914
SECUNIA: 21045
CONFIRM: http://support.avaya.c...
SECUNIA: 21745
SECUNIA: 20398
OSVDB: 25746
SECUNIA: 21476
MANDRIVA: MDKSA-2006:123
MANDRIVA: MDKSA-2006:150
VUPEN: ADV-2006-2554
XF: linux-sctp-skb-pull-do...
OVAL: oval:org.mitre.oval:de...