CVE - CVE-2006-6106

CVE-ID
CVE-2006-6106	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple buffer overflows in the cmtp_recv_interopmsg function in the Bluetooth driver (net/bluetooth/cmtp/capi.c) in the Linux kernel 2.4.22 up to 2.4.33.4 and 2.6.2 before 2.6.18.6, and 2.6.19.x, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via CAPI messages with a large value for the length of the (1) manu (manufacturer) or (2) serial (serial number) field.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:2007-0002 URL:~~http://www.trustix.org/errata/2007/0002/~~ (Obsolete source - check if archived by the Wayback Machine) MISC:20070209 rPSA-2007-0031-1 kernel URL:http://www.securityfocus.com/archive/1/459615/100/0/threaded MISC:20070615 rPSA-2007-0124-1 kernel xen URL:http://www.securityfocus.com/archive/1/471457 MISC:21604 URL:http://www.securityfocus.com/bid/21604 MISC:23408 URL:http://secunia.com/advisories/23408 MISC:23427 URL:http://secunia.com/advisories/23427 MISC:23593 URL:http://secunia.com/advisories/23593 MISC:23609 URL:http://secunia.com/advisories/23609 MISC:23752 URL:http://secunia.com/advisories/23752 MISC:23997 URL:http://secunia.com/advisories/23997 MISC:24098 URL:http://secunia.com/advisories/24098 MISC:24105 URL:http://secunia.com/advisories/24105 MISC:24206 URL:http://secunia.com/advisories/24206 MISC:24547 URL:http://secunia.com/advisories/24547 MISC:25226 URL:http://secunia.com/advisories/25226 MISC:25683 URL:http://secunia.com/advisories/25683 MISC:25691 URL:http://secunia.com/advisories/25691 MISC:25714 URL:http://secunia.com/advisories/25714 MISC:27227 URL:http://secunia.com/advisories/27227 MISC:29058 URL:http://secunia.com/advisories/29058 MISC:ADV-2006-5037 URL:~~http://www.vupen.com/english/advisories/2006/5037~~ (Obsolete source) MISC:DSA-1304 URL:http://www.debian.org/security/2007/dsa-1304 MISC:DSA-1503 URL:http://www.debian.org/security/2008/dsa-1503 MISC:MDKSA-2007:002 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2007:002~~ (Obsolete source) MISC:MDKSA-2007:012 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2007:012~~ (Obsolete source) MISC:MDKSA-2007:025 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2007:025~~ (Obsolete source) MISC:RHSA-2007:0014 URL:http://rhn.redhat.com/errata/RHSA-2007-0014.html MISC:SUSE-SA:2007:018 URL:http://www.novell.com/linux/security/advisories/2007_18_kernel.html MISC:SUSE-SA:2007:021 URL:http://www.novell.com/linux/security/advisories/2007_21_kernel.html MISC:SUSE-SA:2007:030 URL:http://www.novell.com/linux/security/advisories/2007_30_kernel.html MISC:SUSE-SA:2007:035 URL:http://www.novell.com/linux/security/advisories/2007_35_kernel.html MISC:SUSE-SA:2007:053 URL:http://www.novell.com/linux/security/advisories/2007_53_kernel.html MISC:USN-416-1 URL:http://www.ubuntu.com/usn/usn-416-1 MISC:[linux-kernel] 20061215 [patch 24/24] Bluetooth: Add packet size checks for CAPI messages (CVE-2006-6106) URL:http://marc.info/?l=linux-kernel&m=116614741607528&w=2 MISC:[linux-kernel] 20061219 Linux 2.6.18.6 URL:http://marc.info/?l=linux-kernel&m=116648929829440&w=2 MISC:http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.33.5 URL:http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.33.5 MISC:http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm URL:http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218602 URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218602 MISC:https://issues.rpath.com/browse/RPL-848 URL:https://issues.rpath.com/browse/RPL-848 MISC:kernel-cmtprecvinteropmsg-bo(30912) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/30912 MISC:oval:org.mitre.oval:def:10891 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10891
Assigning CNA
Red Hat, Inc.
Date Record Created
20061124	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20061124)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)