Linux 核心 'isdn_ppp.c' ISDN PPP远程拒绝服务漏洞

CVE编号

CVE-2006-5749

利用情况

暂无

补丁情况

N/A

披露时间

2006-12-31

漏洞描述

The isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c in the Linux 2.4 kernel before 2.4.34-rc4 does not call the init_timer function for the ISDN PPP CCP reset state timer, which has unknown attack vectors and results in a system crash.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.34
http://secunia.com/advisories/23529
http://secunia.com/advisories/23609
http://secunia.com/advisories/23752
http://secunia.com/advisories/24098
http://secunia.com/advisories/24100
http://secunia.com/advisories/24547
http://secunia.com/advisories/25226
http://secunia.com/advisories/25683
http://secunia.com/advisories/25691
http://www.kernel.org/git/?p=linux/kernel/git/wtarreau/linux-2.4.git%3Ba=comm...
http://www.mandriva.com/security/advisories?name=MDKSA-2007:012
http://www.mandriva.com/security/advisories?name=MDKSA-2007:025
http://www.mandriva.com/security/advisories?name=MDKSA-2007:040
http://www.novell.com/linux/security/advisories/2007_18_kernel.html
http://www.novell.com/linux/security/advisories/2007_21_kernel.html
http://www.novell.com/linux/security/advisories/2007_30_kernel.html
http://www.novell.com/linux/security/advisories/2007_35_kernel.html
http://www.securityfocus.com/archive/1/471457
http://www.securityfocus.com/bid/21835
http://www.securityfocus.com/bid/21883
http://www.trustix.org/errata/2007/0002/
http://www.ubuntu.com/usn/usn-416-1

受影响软件情况

#	类型	厂商	产品	版本	影响面
1
	运行在以下环境
	系统	linux	linux_kernel	*		Up to (including) 2.4.34

CVSS3评分 1.7

• 攻击路径 本地
• 攻击复杂度 低
• 权限要求 一次
• 影响范围 N/A
• 用户交互 无
• 可用性 部分地
• 保密性 无
• 完整性 无

AV:L/AC:L/Au:S/C:N/I:N/A:P

CWE-ID	漏洞类型
NVD-CWE-Other

Exp相关链接

- avd.aliyun.com