CVE-2005-2973
published 2005-10-27CVE-2005-2973: The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5, when running IPv6, allows local users to cause a denial of service (infinite loop and…
PriorityP410low2.1CVSS 2.0
AVLACLAuNCNINAP
EXPLOIT
EPSS
0.79%
51.6th percentile
The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5, when running IPv6, allows local users to cause a denial of service (infinite loop and crash).
Affected
32 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
CVSS provenance
nvdv2.02.1LOWAV:L/AC:L/Au:N/C:N/I:N/A:P
vendor_redhat2.1LOW
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-x3q3-8rvf-8jc4: The udp_v6_get_port function in udp
ghsa_unreviewed·2022-05-01
CVE-2005-2973 [LOW] GHSA-x3q3-8rvf-8jc4: The udp_v6_get_port function in udp
The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5, when running IPv6, allows local users to cause a denial of service (infinite loop and crash).
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2005-11-22
CVE-2005-3180 Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Linux kernel vulnerabilities
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
security flaw
vendor_redhat·2005-10-04·CVSS 2.1
CVE-2005-2973 [LOW] security flaw
security flaw
The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5, when running IPv6, allows local users to cause a denial of service (infinite loop and crash).
No detection rules found.
Exploit-DB
Linux Kernel 2.6.x - Sysctl Unregistration Local Denial of Service
exploitdb·2005-11-09
CVE-2005-2709 Linux Kernel 2.6.x - Sysctl Unregistration Local Denial of Service
Linux Kernel 2.6.x - Sysctl Unregistration Local Denial of Service
---
/*
source: https://www.securityfocus.com/bid/15365/info
Linux Kernel is reported prone to a local denial-of-service vulnerability. This issue arises from a failure to properly unregister kernel resources when network devices are removed.
This issue allows local attackers to deny service to legitimate users. Attackers may also be able to execute arbitrary code in the context of the kernel, but this has not been confirmed.
*/
/*
* Linux kernel
* IPv6 UDP port selection infinite loop
* local denial of service vulnerability
* proof of concept code
* version 1.0 (Oct 29 2005)
* CVE ID: CAN-2005-2973
*
* by Remi Denis-Courmont
* http://www.simphalempin.com/dev/
*
* Vulnerable:
* - Linux = 2.6.14
* - Linux without IPv6
*
Exploit-DB
Linux Kernel 2.6.x - IPv6 Local Denial of Service
exploitdb·2005-10-20
CVE-2005-2973 Linux Kernel 2.6.x - IPv6 Local Denial of Service
Linux Kernel 2.6.x - IPv6 Local Denial of Service
---
/*
source: https://www.securityfocus.com/bid/15156/info
Linux Kernel is reported prone to a local denial-of-service vulnerability.
This issue arises from an infinite loop when binding IPv6 UDP ports.
*/
/*
* Linux kernel
* IPv6 UDP port selection infinite loop
* local denial of service vulnerability
* proof of concept code
* version 1.0 (Oct 29 2005)
* CVE ID: CAN-2005-2973
*
* by Remi Denis-Courmont
* http://www.simphalempin.com/dev/
*
* Vulnerable:
* - Linux = 2.6.14
* - Linux without IPv6
*
* Fix:
* http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;
* a=commit;h=87bf9c97b4b3af8dec7b2b79cdfe7bfc0a0a03b2
*/
/*****************************************************************************
* Copyright (C) 2005 Rem
Bugzilla
CVE-2005-2973 security flaw
bugzilla·2018-08-16·CVSS 2.1
CVE-2005-2973 [LOW] CVE-2005-2973 security flaw
CVE-2005-2973 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5, when running IPv6, allows local users to cause a denial of service (infinite loop and crash).
Bugzilla
CVE-2005-2973 ipv6 infinite loop - ipf
bugzilla·2005-10-14·CVSS 2.1
CVE-2005-2973 [LOW] CVE-2005-2973 ipv6 infinite loop - ipf
CVE-2005-2973 ipv6 infinite loop - ipf
+++ This bug was initially created as a clone of Bug #170772 +++
Tetsuo Handa reported a infinite loop allowing a local user to crash a ipv6
enabled kernel.
http://linux.bkbits.net:8080/linux-2.6/cset@4342df67SNhRx_3FGhUrrU-FXLlQIA
When looking at this update I noticed another patch that we might be missing,
not checked into it's ability to have a security relevance:
http://linux.bkbits.net:8080/linux-2.6/cset@4341a0f6Dq8vTKy1SDtDVxuJUrQaRg
Discussion:
See bug #170772 for a reproducer.
modprobe ipv6
then run the reproducer.
---
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the
Bugzilla
CVE-2005-2973 ipv6 infinite loop
bugzilla·2005-10-14·CVSS 2.1
CVE-2005-2973 [LOW] CVE-2005-2973 ipv6 infinite loop
CVE-2005-2973 ipv6 infinite loop
Patch successfully tested and posted for internal review on 27-Oct-2005.
Discussion:
A fix for this problem has just been committed to the RHEL3 U7
patch pool this evening (in kernel version 2.4.21-37.8.EL).
---
A fix for this problem has also been committed to the RHEL3 E7
patch pool this evening (in kernel version 2.4.21-37.0.1.EL).
---
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2006-0140.html
Bugzilla
CVE-2005-2973 ipv6 infinite loop
bugzilla·2005-10-14·CVSS 2.1
CVE-2005-2973 [LOW] CVE-2005-2973 ipv6 infinite loop
CVE-2005-2973 ipv6 infinite loop
Tetsuo Handa reported a infinite loop allowing a local user to crash a ipv6
enabled kernel.
http://linux.bkbits.net:8080/linux-2.6/cset@4342df67SNhRx_3FGhUrrU-FXLlQIA
When looking at this update I noticed another patch that we might be missing,
not checked into it's ability to have a security relevance:
http://linux.bkbits.net:8080/linux-2.6/cset@4341a0f6Dq8vTKy1SDtDVxuJUrQaRg
Discussion:
This issue is on Red Hat Engineering's list of planned work items
for the upcoming Red Hat Enterprise Linux 4.4 release. Engineering
resources have been assigned and barring unforeseen circumstances, Red
Hat intends to include this item in the 4.4 release.
---
An advisory has been issued which should help the problem
described in this bug report. This report is the
Bugzilla
CVE-2005-2973 ipv6 infinite loop
bugzilla·2005-10-14·CVSS 2.1
CVE-2005-2973 [LOW] CVE-2005-2973 ipv6 infinite loop
CVE-2005-2973 ipv6 infinite loop
+++ This bug was initially created as a clone of Bug #170772 +++
Tetsuo Handa reported a infinite loop allowing a local user to crash a ipv6
enabled kernel.
http://linux.bkbits.net:8080/linux-2.6/cset@4342df67SNhRx_3FGhUrrU-FXLlQIA
When looking at this update I noticed another patch that we might be missing,
not checked into it's ability to have a security relevance:
http://linux.bkbits.net:8080/linux-2.6/cset@4341a0f6Dq8vTKy1SDtDVxuJUrQaRg
Discussion:
See bug #170772 for a reproducer.
cat 65536 > /proc/sys/fs/file-max
modprobe ipv6
then run the reproducer.
---
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the soluti
Bugzilla
Multiple Kernel vulnerabilities
bugzilla·2005-05-11
[MEDIUM] Multiple Kernel vulnerabilities
Multiple Kernel vulnerabilities
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Mozilla rulez!)
Description of problem:
Paul Starzetz of iSEC has found yet another bug in binfmt_elf.c. It can be abused to crash the kernel, perhaps even to break into the kernel land. See the advisory for details.
Version-Release number of selected component (if applicable):
How reproducible:
Didn't try
Steps to Reproduce:
Additional info:
I've got a quick and dirty patch. I'll submit it ASAP.
Discussion:
Grr...Bugzilla assigned the bug to [email protected] rather than to
[email protected]
---
Created attachment 114264
The patch for CAN-2005-1263
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This patch can be applied to FL kernel 2.4.20-43:
402e548b02382c015d6f5e5704370a1ba546598b
li
http://linux.bkbits.net:8080/linux-2.6/cset%404342df67SNhRx_3FGhUrrU-FXLlQIAhttp://secunia.com/advisories/17261http://secunia.com/advisories/17280http://secunia.com/advisories/17917http://secunia.com/advisories/17918http://secunia.com/advisories/18562http://secunia.com/advisories/18684http://secunia.com/advisories/19185http://secunia.com/advisories/19369http://secunia.com/advisories/19374http://secunia.com/advisories/20237http://secunia.com/advisories/21745http://support.avaya.com/elmodocs2/security/ASA-2006-161.htmhttp://www.debian.org/security/2006/dsa-1017http://www.debian.org/security/2006/dsa-1018http://www.mandriva.com/security/advisories?name=MDKSA-2006:040http://www.mandriva.com/security/advisories?name=MDKSA-2006:072http://www.osvdb.org/20163http://www.redhat.com/support/errata/RHSA-2006-0140.htmlhttp://www.redhat.com/support/errata/RHSA-2006-0190.htmlhttp://www.redhat.com/support/errata/RHSA-2006-0191.htmlhttp://www.redhat.com/support/errata/RHSA-2006-0493.htmlhttp://www.securityfocus.com/advisories/9549http://www.securityfocus.com/advisories/9555http://www.securityfocus.com/advisories/9806http://www.securityfocus.com/archive/1/419522/100/0/threadedhttp://www.securityfocus.com/archive/1/427980/100/0/threadedhttp://www.securityfocus.com/archive/1/428028/100/0/threadedhttp://www.securityfocus.com/archive/1/428058/100/0/threadedhttp://www.securityfocus.com/bid/15156http://www.vupen.com/english/advisories/2005/2173https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170772https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10041https://usn.ubuntu.com/219-1/http://linux.bkbits.net:8080/linux-2.6/cset%404342df67SNhRx_3FGhUrrU-FXLlQIAhttp://secunia.com/advisories/17261http://secunia.com/advisories/17280http://secunia.com/advisories/17917http://secunia.com/advisories/17918http://secunia.com/advisories/18562http://secunia.com/advisories/18684http://secunia.com/advisories/19185http://secunia.com/advisories/19369http://secunia.com/advisories/19374http://secunia.com/advisories/20237http://secunia.com/advisories/21745http://support.avaya.com/elmodocs2/security/ASA-2006-161.htmhttp://www.debian.org/security/2006/dsa-1017http://www.debian.org/security/2006/dsa-1018http://www.mandriva.com/security/advisories?name=MDKSA-2006:040http://www.mandriva.com/security/advisories?name=MDKSA-2006:072http://www.osvdb.org/20163http://www.redhat.com/support/errata/RHSA-2006-0140.htmlhttp://www.redhat.com/support/errata/RHSA-2006-0190.htmlhttp://www.redhat.com/support/errata/RHSA-2006-0191.htmlhttp://www.redhat.com/support/errata/RHSA-2006-0493.htmlhttp://www.securityfocus.com/advisories/9549http://www.securityfocus.com/advisories/9555http://www.securityfocus.com/advisories/9806http://www.securityfocus.com/archive/1/419522/100/0/threadedhttp://www.securityfocus.com/archive/1/427980/100/0/threadedhttp://www.securityfocus.com/archive/1/428028/100/0/threadedhttp://www.securityfocus.com/archive/1/428058/100/0/threadedhttp://www.securityfocus.com/bid/15156http://www.vupen.com/english/advisories/2005/2173https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170772https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10041https://usn.ubuntu.com/219-1/
2005-10-27
Published