Vulnerability Details : CVE-2006-4997
Potential exploit
The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed pointer dereference).
Vulnerability category: Denial of service
Products affected by CVE-2006-4997
- cpe:2.3:o:redhat:enterprise_linux:2.1:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:3:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
Threat overview for CVE-2006-4997
Top open port discovered on systems with this issue: 49153
IPs affected by CVE-2006-4997: 11,997
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2006-4997
EPSS score: 30.00% (probability of exploitation activity in the next 30 days)
Percentile: ~96% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2006-4997
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.1 | HIGH | AV:N/AC:M/Au:N/C:N/I:N/A:C | 8.6 | 6.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | 2024-02-10 |
CWE ids for CVE-2006-4997
- The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2006-4997
- http://secunia.com/advisories/23752
  (Broken Link)
- http://www.redhat.com/support/errata/RHSA-2007-0012.html
  (Broken Link)
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:012
  (Broken Link)
- http://securitytracker.com/id?1017526
  (Broken Link; Third Party Advisory; VDB Entry)
- http://www.redhat.com/support/errata/RHSA-2006-0710.html
  (Broken Link)
- http://www.securityfocus.com/bid/20363
  (Broken Link; Third Party Advisory; VDB Entry)
- http://www.redhat.com/support/errata/RHSA-2006-0689.html
  (Broken Link; Patch)
- http://secunia.com/advisories/25691
  (Broken Link)
- http://secunia.com/advisories/23788
  (Broken Link)
- http://www.vupen.com/english/advisories/2006/3937
  (Broken Link)
- http://www.us.debian.org/security/2006/dsa-1233
  (Broken Link)
- http://secunia.com/advisories/23064
  (Broken Link)
- http://secunia.com/advisories/22292
  (Broken Link; Patch; Vendor Advisory)
- http://www.ubuntu.com/usn/usn-395-1
  USN-395-1: Linux kernel vulnerabilities | Ubuntu security notices | Ubuntu (Third Party Advisory)
- http://secunia.com/advisories/24288
  (Broken Link)
- http://www.novell.com/linux/security/advisories/2006_79_kernel.html
  (Broken Link)
- http://secunia.com/advisories/22279
  (Broken Link; Patch; Vendor Advisory)
- http://secunia.com/advisories/22945
  (Broken Link)
- http://secunia.com/advisories/23384
  (Broken Link)
- http://secunia.com/advisories/22762
  (Broken Link)
- http://www.us.debian.org/security/2006/dsa-1237
  (Broken Link)
- http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fe26109a9dfd9327fdbe630fc819e1b7450986b2
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:197
  (Broken Link)
- http://secunia.com/advisories/23370
  (Broken Link)
- http://secunia.com/advisories/23395
  (Broken Link)
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=206265
  206265 – CVE-2006-4997 IP over ATM clip_mkip dereference freed pointer (Exploit; Issue Tracking)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29387
  Linux kernel clip_mkip() denial of service CVE-2006-4997 Vulnerability Report (Third Party Advisory; VDB Entry)
- http://support.avaya.com/elmodocs2/security/ASA-2007-078.htm
  ASA-2007-078 (RHSA-2007-0013) (Third Party Advisory)
- http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fe26109a9dfd9327fdbe630fc819e1b7450986b2
  (Broken Link)
- http://secunia.com/advisories/23474
  (Broken Link)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10388
  (Broken Link)
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:025
  (Broken Link)
- http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm
  ASA-2006-254 (RHSA-2006-0710) (Third Party Advisory)
- http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm
  ASA-2006-249 (RHSA-2006-0689) (Third Party Advisory)
- http://secunia.com/advisories/22497
  (Broken Link)
- http://www.securityfocus.com/archive/1/471457
  (Broken Link; Third Party Advisory; VDB Entry)
- http://www.vupen.com/english/advisories/2006/3999
  (Broken Link)
- http://www.redhat.com/support/errata/RHSA-2007-0013.html
  (Broken Link)
- http://secunia.com/advisories/22253
  (Broken Link; Vendor Advisory)