Vulnerability Details : CVE-2006-5749
The isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c in the Linux 2.4 kernel before 2.4.34-rc4 does not call the init_timer function for the ISDN PPP CCP reset state timer, which has unknown attack vectors and results in a system crash.
Products affected by CVE-2006-5749
- cpe:2.3:o:linux:linux_kernel:*:rc3:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-5749
- EPSS score: 0.11% (probability of exploitation activity in the next 30 days)
- Percentile: ~43% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2006-5749
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
1.7 | LOW | AV:L/AC:L/Au:S/C:N/I:N/A:P | 3.1 | 2.9 | NIST | |
Vendor statements for CVE-2006-5749
- Red Hat, 2007-03-14: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
References for CVE-2006-5749
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:012
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:040
- http://www.kernel.org/git/?p=linux/kernel/git/wtarreau/linux-2.4.git%3Ba=commitdiff%3Bh=05dca9b77f99d80cf615075624666106d5b61727
- http://www.novell.com/linux/security/advisories/2007_35_kernel.html
- http://www.novell.com/linux/security/advisories/2007_18_kernel.html
- http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.34
- http://www.novell.com/linux/security/advisories/2007_30_kernel.html
- http://www.securityfocus.com/bid/21883
- http://www.trustix.org/errata/2007/0002/
- http://www.securityfocus.com/bid/21835
- http://www.ubuntu.com/usn/usn-416-1
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:025
- http://www.novell.com/linux/security/advisories/2007_21_kernel.html
- http://www.securityfocus.com/archive/1/471457