[VIM] Clarification on affected Linux kernel versions - CVE-2006-4535
Steven M. Christey
coley at mitre.org
Wed Sep 20 14:26:30 EDT 2006

See analysis. The original CVE analyst inferred the affected kernel
versions from the Ubuntu advisory, but it turns out this was incorrect.

Acknowledged: yes advisory

The Linux kernel 2.6.17.11 and 2.6.17.12 and 2.6.18-rc5 allows local
users to cause a denial of service (crash) via an SCTP socket with a
certain SO_LINGER value, possibly related to the patch for
CVE-2006-3745. NOTE: other kernel versions for specific distributions
might also be affected.

ACCURACY: Marcel Holtmann of Red Hat notified CVE on 20060910 that the
only affected versions were 2.6.17.11, 2.6.17.12, and 2.6.18-rc5.
This is inconsistent with Ubuntu's patches for some kernel versions up
to 2.6.15, but it's possible that the original CVE-2006-3745 patch was
ported to older versions.

ACCURACY: Comments from the SVN changelog/diff reveal that this
problem was introduced with the patch for CVE-2006-3745:
"sctp-priv-elevation-2.dpatch [SECURITY] Fix local DoS resulting from
sctp-priv-elevation.dpatch / See CVE-2006-4535"