Package : kernel-source-2.4.27
Vulnerability : several
Problem type : remote
CVE IDs : CVE-2005-4798 CVE-2006-2935 CVE-2006-1528 CVE-2006-2444
CVE-2006-2446 CVE-2006-3745 CVE-2006-4535
CERT advisory : VU#681569
BugTraq IDs : 18081 18101 18847 19666 20087
Several security-related problems have been discovered in the Linux
kernel which may lead to a denial of service or even the execution of
arbitrary code. The Common Vulnerabilities and Exposures project
identifies the following problems:
A buffer overflow in NFS readlink handling allows a malicious
remote server to cause a denial of service.

Diego Calleja Garcia discovered a buffer overflow in the DVD
handling code that could be exploited by a specially crafted DVD
or USB storage device to execute arbitrary code.

A bug in the SCSI driver allows a local user to cause a denial of

Patrick McHardy discovered a bug in the SNMP NAT helper that
allows remote attackers to cause a denial of service.

A race condition in the socket buffer handling allows remote
attackers to cause a denial of service.

Wei Wang discovered a bug in the SCTP implementation that allows
local users to cause a denial of service and possibly gain root

David Miller reported a problem with the fix for CVE-2006-3745
that allows local users to crash the system via an SCTP
socket with a certain SO_LINGER value.
The following matrix explains which kernel version for which
architecture fixes the problems mentioned above: