5 - USN-250-1

Executive Summary

Summary
Title	Linux kernel vulnerability

Informations
Name	USN-250-1	First vendor Publication	2006-02-13
Vendor	Ubuntu	Last vendor Modification	2006-02-13
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

linux-image-2.6.12-10-386 linux-image-2.6.12-10-686 linux-image-2.6.12-10-686-smp linux-image-2.6.12-10-amd64-generic linux-image-2.6.12-10-amd64-k8 linux-image-2.6.12-10-amd64-k8-smp linux-image-2.6.12-10-amd64-xeon linux-image-2.6.12-10-iseries-smp linux-image-2.6.12-10-itanium linux-image-2.6.12-10-itanium-smp linux-image-2.6.12-10-k7 linux-image-2.6.12-10-k7-smp linux-image-2.6.12-10-mckinley linux-image-2.6.12-10-mckinley-smp linux-image-2.6.12-10-powerpc linux-image-2.6.12-10-powerpc-smp linux-image-2.6.12-10-powerpc64-smp linux-patch-ubuntu-2.6.12

The problem can be corrected by upgrading the affected package to version 2.6.12-10.28. You have to restart your computer after a standard system upgrade to effect the necessary changes.

Details follow:

Herbert Xu discovered a remote Denial of Service vulnerability in the ICMP packet handler. In some situations a memory allocation was released twice, which led to memory corruption. A remote attacker could exploit this to crash the machine.

Original Source

Url : http://www.ubuntu.com/usn/USN-250-1

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-399	Resource Management Errors

CPE : Common Platform Enumeration

Type	Description	Count
Os	Linux Linux Kernel cpe:2.3:o:linux:linux_kernel:2.6.15.2:::::::* cpe:2.3:o:linux:linux_kernel:2.6.15.1:::::::* cpe:2.3:o:linux:linux_kernel:2.6.15:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.14.7:::::::* cpe:2.3:o:linux:linux_kernel:2.6.14.6:::::::* cpe:2.3:o:linux:linux_kernel:2.6.14.5:::::::* cpe:2.3:o:linux:linux_kernel:2.6.14.4:::::::* cpe:2.3:o:linux:linux_kernel:2.6.14.3:::::::* cpe:2.3:o:linux:linux_kernel:2.6.14.2:::::::* cpe:2.3:o:linux:linux_kernel:2.6.14.1:::::::* cpe:2.3:o:linux:linux_kernel:2.6.14:rc1:::::: cpe:2.3:o:linux:linux_kernel:2.6.14:rc4:::::: cpe:2.3:o:linux:linux_kernel:2.6.14:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.14:rc3:::::: cpe:2.3:o:linux:linux_kernel:2.6.14:rc2:::::: cpe:2.3:o:linux:linux_kernel:2.6.14:rc5:::::: cpe:2.3:o:linux:linux_kernel:2.6.13.5:::::::* cpe:2.3:o:linux:linux_kernel:2.6.13.4:::::::* cpe:2.3:o:linux:linux_kernel:2.6.13.3:::::::* cpe:2.3:o:linux:linux_kernel:2.6.13.2:::::::* cpe:2.3:o:linux:linux_kernel:2.6.13.1:::::::* cpe:2.3:o:linux:linux_kernel:2.6.13:rc6:::::: cpe:2.3:o:linux:linux_kernel:2.6.13:rc5:::::: cpe:2.3:o:linux:linux_kernel:2.6.13:rc2:::::: cpe:2.3:o:linux:linux_kernel:2.6.13:rc4:::::: cpe:2.3:o:linux:linux_kernel:2.6.13:rc7:::::: cpe:2.3:o:linux:linux_kernel:2.6.13:rc3:::::: cpe:2.3:o:linux:linux_kernel:2.6.13:rc1:::::: cpe:2.3:o:linux:linux_kernel:2.6.13:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.12.6:::::::* cpe:2.3:o:linux:linux_kernel:2.6.12.5:::::::* cpe:2.3:o:linux:linux_kernel:2.6.12.4:::::::* cpe:2.3:o:linux:linux_kernel:2.6.12.3:::::::* cpe:2.3:o:linux:linux_kernel:2.6.12.2:::::::* cpe:2.3:o:linux:linux_kernel:2.6.12.1:::::::* cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:::::: cpe:2.3:o:linux:linux_kernel:2.6.12:rc1:::::: cpe:2.3:o:linux:linux_kernel:2.6.12:rc6:::::: cpe:2.3:o:linux:linux_kernel:2.6.12:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:::::: cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:::::: cpe:2.3:o:linux:linux_kernel:2.6.12:rc3::::::	42

Open Source Vulnerability Database (OSVDB)

Id	Description
22993	Linux Kernel ip_options_echo() Function Crafted ICMP Packet Remote DoS

Snort® IPS/IDS

Date	Description
2014-01-10	(icmp4)LinuxICMPheaderDOSattempt RuleID : 452 - Revision : 2 - Type :

Nessus® Vulnerability Scanner

Date	Description
2006-03-13	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-250-1.nasl - Type : ACT_GATHER_INFO
2006-02-19	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-040.nasl - Type : ACT_GATHER_INFO
2006-02-10	Name : The remote Fedora Core host is missing a security update. File : fedora_2006-102.nasl - Type : ACT_GATHER_INFO
2006-02-10	Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2006_006.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 12:03:18	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	42
osvdb(s)	1
Snort® Rule(s)	1
Nessus® Exploit(s)	4

	Related
5	CVE-2006-0454
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

5 - USN-250-1

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Open Source Vulnerability Database (OSVDB)

Snort® IPS/IDS

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU