4.9

CVE-2006-1522

The sys_add_key function in the keyring code in Linux kernel 2.6.16.1 and 2.6.17-rc1, and possibly earlier versions, allows local users to cause a denial of service (OOPS) via keyctl requests that add a key to a user key instead of a keyring key, which causes an invalid dereference in the __keyring_search_one function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version2.6.16.1
LinuxLinux Kernel Version2.6.17 Updaterc1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.44% 0.348
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.9 3.9 6.9
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/20237
Vendor Advisory
http://secunia.com/advisories/21745
Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2006-0493.html
http://secunia.com/advisories/20157
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:086
http://secunia.com/advisories/20716
Vendor Advisory
http://www.ubuntu.com/usn/usn-302-1
http://lwn.net/Alerts/180820/
http://secunia.com/advisories/19735
Vendor Advisory
http://www.vupen.com/english/advisories/2006/1475
Vendor Advisory
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.3
http://secunia.com/advisories/19573
Patch
Vendor Advisory
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c3a9d6541f84ac3ff566982d08389b87c1c36b4e
http://www.osvdb.org/24507
http://www.securityfocus.com/bid/17451
Patch
http://www.vupen.com/english/advisories/2006/1307
Vendor Advisory
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188466
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/25722
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9325