CERT-In:Indian Computer Emergency Response Team

HOME > VULNERABILITY NOTES

VULNERABILITY NOTES

CERT-In Vulnerability Note CIVN-2006-105
Linux Kernel "clip_mkip()" Denial of Service Vulnerability

Original Issue Date: October 13, 2006

Severity Rating: Medium

Systems Affected

Linux Kernel 2.4.x

Overview

A vulnerability has been reported in Linux Kernel which could be exploited by remote attackers to cause denial of service attack.

Description

A vulnerability has been reported in Linux Kernel due to an error in the "clip_mkip()" [net/atm/clip.c] function in the ATM (Asynchronous Transfer Mode) subsystem. This could be exploited by remote attackers to cause kernel panic and creating a denial of service condition.

Successful exploitation of this vulnerability requires installed ATM hardware and configured ATM support.

Solution

Upgrade to version 2.4.34-pre4

Vendor Information

Linux Kernel
http://www.kernel.org/pub/linux/kernel/v2.4/testing/patch-2.4.34.log

References

FrSIRT
http://www.frsirt.com/english/advisories/2006/3999

Secunia
http://secunia.com/advisories/22253/

LWN
https://lwn.net/Alerts/203328/

CVE Name
CVE-2006-4997

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003

Home || Feedback || FAQ || Disclaimer

CERT-In Vulnerability Note CIVN-2006-105 Linux Kernel "clip_mkip()" Denial of Service Vulnerability

CERT-In Vulnerability Note CIVN-2006-105
Linux Kernel "clip_mkip()" Denial of Service Vulnerability