CVE-2006-4538

Related Files

Mandriva Linux Security Advisory 2007.060

Posted Mar 13, 2007

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Many vulnerabilities were discovered and corrected in the Linux 2.6 kernel. The 2.6.17 kernel and earlier, when running on IA64 and SPARC platforms would allow a local user to cause a DoS (crash) via a malformed ELF file. The mincore function in the Linux kernel did not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock. An unspecified vulnerability in the listxattr system call, when a "bad inode" is present, could allow a local user to cause a DoS (data corruption) and possibly gain privileges via unknown vectors. The zlib_inflate function allows local users to cause a crash via a malformed filesystem that uses zlib compression that triggers memory corruption. The ext3fs_dirhash function could allow local users to cause a DoS (crash) via an ext3 stream with malformed data structures. When SELinux hooks are enabled, the kernel could allow a local user to cause a DoS (crash) via a malformed file stream that triggers a NULL pointer derefernece. The key serial number collision avoidance code in the key_alloc_serial function in kernels 2.6.9 up to 2.6.20 allows local users to cause a crash via vectors thatr trigger a null dereference. The Linux kernel version 2.6.13 to 2.6.20.1 allowed a remote attacker to cause a DoS (oops) via a crafted NFSACL2 ACCESS request that triggered a free of an incorrect pointer. A local user could read unreadable binaries by using the interpreter (PT_INTERP) functionality and triggering a core dump; a variant of CVE-2004-1073.

tags | advisory, remote, kernel, local, vulnerability

systems | linux, mandriva

advisories | CVE-2006-4538, CVE-2006-4814, CVE-2006-5753, CVE-2006-5823, CVE-2006-6053, CVE-2006-6056, CVE-2007-0006, CVE-2007-0772, CVE-2007-0958

SHA-256 | 7c7b3b5bbbacea086cb15820a0722f0763fd7ad9e6731f41b9a2f1adff516926

Download | Favorite | View

Debian Linux Security Advisory 1237-1

Posted Dec 19, 2006

Authored by Debian | Site debian.org

Debian Security Advisory 1237-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.

tags | advisory, remote, denial of service, arbitrary, kernel, local, vulnerability

systems | linux, debian

advisories | CVE-2005-4093, CVE-2006-4538, CVE-2006-4997, CVE-2006-5174, CVE-2006-5649, CVE-2006-5871

SHA-256 | 440d8f7fb1e3a66a22f780be1ac0d687d8f8a53ecf5ae5b2a47a874da8f80cdd

Download | Favorite | View

Debian Linux Security Advisory 1233-1

Posted Dec 11, 2006

Authored by Debian | Site debian.org

Debian Security Advisory 1233-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.

tags | advisory, remote, denial of service, arbitrary, kernel, local, vulnerability

systems | linux, debian

advisories | CVE-2006-3741, CVE-2006-4538, CVE-2006-4813, CVE-2006-4997, CVE-2006-5174, CVE-2006-5619, CVE-2006-5649, CVE-2006-5751, CVE-2006-5871

SHA-256 | abdb183f40070b89b9064b102b9d38042eed09878c658ed2ab595012212bb014

Download | Favorite | View