CVE-2006-6106 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-6106
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-6106

Description: Multiple buffer overflows in the cmtp_recv_interopmsg function in the Bluetooth driver (net/bluetooth/cmtp/capi.c) in the Linux kernel 2.4.22 up to 2.4.33.4 and 2.6.2 before 2.6.18.6, and 2.6.19.x, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via CAPI messages with a large value for the length of the (1) manu (manufacturer) or (2) serial (serial number) field.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/30912 UBUNTU http://www.ubuntu.com/usn/usn-416-1 TRUSTIX http://www.trustix.org/errata/2007/0002/ SUSE http://www.novell.com/linux/security/advisories/2007_35_kernel.html http://www.novell.com/linux/security/advisories/2007_53_kernel.html http://www.novell.com/linux/security/advisories/2007_30_kernel.html http://www.novell.com/linux/security/advisories/2007_21_kernel.html http://www.novell.com/linux/security/advisories/2007_18_kernel.html SAID Secunia Advisory: SA29058 Secunia Advisory: SA27227 Secunia Advisory: SA25226 Secunia Advisory: SA25691 Secunia Advisory: SA25714 Secunia Advisory: SA25683 Secunia Advisory: SA24547 Secunia Advisory: SA24206 Secunia Advisory: SA24105 Secunia Advisory: SA24098 Secunia Advisory: SA23997 Secunia Advisory: SA23752 Secunia Advisory: SA23593 Secunia Advisory: SA23609 Secunia Advisory: SA23427 Secunia Advisory: SA23408 REDHAT http://rhn.redhat.com/errata/RHSA-2007-0014.html MLIST http://marc.theaimsgroup.com/?l=linux-kernel&m=116648929829440&w=2 http://marc.theaimsgroup.com/?l=linux-kernel&m=116614741607528&w=2 MISC MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:025 http://www.mandriva.com/security/advisories?name=MDKSA-2007:012 http://www.mandriva.com/security/advisories?name=MDKSA-2007:002 DEBIAN http://www.debian.org/security/2007/dsa-1304 http://www.debian.org/security/2008/dsa-1503 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.33.5 BUGTRAQ http://www.securityfocus.com/archive/1/471457 http://www.securityfocus.com/archive/1/archive/1/459615/100/0/threaded BID 21604

Return to the previous page.