CVE-2006-3468
published 2006-07-21CVE-2006-3468: Linux kernel 2.6.x, when using both NFS and EXT3, allows remote attackers to cause a denial of service (file system panic) via a crafted UDP packet with a V2…
PriorityP338high7.8CVSS 2.0
AVNACLAuNCNINAC
EXPLOIT
EPSS
15.69%
96.4th percentile
Linux kernel 2.6.x, when using both NFS and EXT3, allows remote attackers to cause a denial of service (file system panic) via a crafted UDP packet with a V2 lookup procedure that specifies a bad file handle (inode number), which triggers an error and causes an exported directory to be remounted read-only.
Affected
87 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
CVSS provenance
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:N/I:N/A:C
vendor_redhat7.8HIGH
vendor_ubuntu5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-qc66-pxrq-vq8r: Linux kernel 2
ghsa_unreviewed·2022-05-01
CVE-2006-3468 [HIGH] GHSA-qc66-pxrq-vq8r: Linux kernel 2
Linux kernel 2.6.x, when using both NFS and EXT3, allows remote attackers to cause a denial of service (file system panic) via a crafted UDP packet with a V2 lookup procedure that specifies a bad file handle (inode number), which triggers an error and causes an exported directory to be remounted read-only.
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2006-09-15·CVSS 5.0
CVE-2006-2934 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Linux kernel vulnerabilities
A Denial of service vulnerability was reported in iptables' SCTP
conntrack module. On computers which use this iptables module, a
remote attacker could expoit this to trigger a kernel crash.
(CVE-2006-2934)
A buffer overflow has been discovered in the dvd_read_bca() function.
By inserting a specially crafted DVD, USB stick, or similar
automatically mounted removable device, a local user could crash the
machine or potentially even execute arbitrary code with full root
privileges. (CVE-2006-2935)
The ftdi_sio driver for serial USB ports did not limit the amount of
pending data to be written. A local user could exploit this to drain
all available kernel memory and thus render the system unusable.
(CVE-2006-2936)
Ja
Red Hat
security flaw
vendor_redhat·2006-07-17·CVSS 7.8
CVE-2006-3468 [HIGH] security flaw
security flaw
Linux kernel 2.6.x, when using both NFS and EXT3, allows remote attackers to cause a denial of service (file system panic) via a crafted UDP packet with a V2 lookup procedure that specifies a bad file handle (inode number), which triggers an error and causes an exported directory to be remounted read-only.
No detection rules found.
Bugzilla
CVE-2006-3468 security flaw
bugzilla·2018-08-16·CVSS 7.8
CVE-2006-3468 [HIGH] CVE-2006-3468 security flaw
CVE-2006-3468 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Linux kernel 2.6.x, when using both NFS and EXT3, allows remote attackers to cause a denial of service (file system panic) via a crafted UDP packet with a V2 lookup procedure that specifies a bad file handle (inode number), which triggers an error and causes an exported directory to be remounted read-only.
Bugzilla
CVE-2006-3468 Bogus FH in NFS request causes DoS in file system code
bugzilla·2006-07-31·CVSS 7.8
CVE-2006-3468 [HIGH] CVE-2006-3468 Bogus FH in NFS request causes DoS in file system code
CVE-2006-3468 Bogus FH in NFS request causes DoS in file system code
Reported by James McKenzie on LKML:
http://bugzilla.kernel.org/show_bug.cgi?id=6828
The bug #199172 describes the possibility to corrupt a ext2/ext3 filesystem
which is exported over NFS via bad packets.
In the case of RHEL4 the filesystem will be remounted read-only and marked as
dirty. In case of RHEL3 only an error messages occurs and it continues. However
it still seems possible to corrupt the filesystem.
Discussion:
Hi, Marcel. Could you please downgrade the security impact of this BZ
against RHEL3 to "low", since nothing more serious than a console message
occurs? (This is further mitigated by the fact that unprivileged users
cannot recreate the problem at will.)
---
Downgraded the security impact to moderat
Bugzilla
CVE-2006-3468 Bogus FH in NFS request causes DoS in file system code
bugzilla·2006-07-17·CVSS 7.8
CVE-2006-3468 [HIGH] CVE-2006-3468 Bogus FH in NFS request causes DoS in file system code
CVE-2006-3468 Bogus FH in NFS request causes DoS in file system code
Reported by James McKenzie on LKML:
http://bugzilla.kernel.org/show_bug.cgi?id=6828
We found this rather surprising behaviour when debugging a
network card for one of our embedded systems. There was a
bus problem that occasionally caused the network card to
place random data in the outgoing packets. We were using
NFS root, as we hadn't written drivers for the block
devices yet, and discovered our Linux NFS servers getting
ext3 errors. It turned out that the 3com cards we have in
the servers lie about checking UDP checksums, and passed
the rubbish to knfsd where it was causing the problem.
Here's an example one of our widgets (dcm503) is talking
to an NFS server (dufftown)
17:28:38.535011 dcm503.guralp.local.984095109
http://lkml.org/lkml/2006/7/17/41http://secunia.com/advisories/21369http://secunia.com/advisories/21605http://secunia.com/advisories/21614http://secunia.com/advisories/21847http://secunia.com/advisories/21934http://secunia.com/advisories/22093http://secunia.com/advisories/22148http://secunia.com/advisories/22174http://secunia.com/advisories/22822http://support.avaya.com/elmodocs2/security/ASA-2006-203.htmhttp://www.debian.org/security/2006/dsa-1184http://www.mandriva.com/security/advisories?name=MDKSA-2006:150http://www.mandriva.com/security/advisories?name=MDKSA-2006:151http://www.novell.com/linux/security/advisories/2006_21_sr.htmlhttp://www.novell.com/linux/security/advisories/2006_22_sr.htmlhttp://www.novell.com/linux/security/advisories/2006_57_kernel.htmlhttp://www.novell.com/linux/security/advisories/2006_64_kernel.htmlhttp://www.redhat.com/support/errata/RHSA-2006-0617.htmlhttp://www.securityfocus.com/bid/19396http://www.trustix.org/errata/2006/0046/http://www.ubuntu.com/usn/usn-346-1https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=199172https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9809http://lkml.org/lkml/2006/7/17/41http://secunia.com/advisories/21369http://secunia.com/advisories/21605http://secunia.com/advisories/21614http://secunia.com/advisories/21847http://secunia.com/advisories/21934http://secunia.com/advisories/22093http://secunia.com/advisories/22148http://secunia.com/advisories/22174http://secunia.com/advisories/22822http://support.avaya.com/elmodocs2/security/ASA-2006-203.htmhttp://www.debian.org/security/2006/dsa-1184http://www.mandriva.com/security/advisories?name=MDKSA-2006:150http://www.mandriva.com/security/advisories?name=MDKSA-2006:151http://www.novell.com/linux/security/advisories/2006_21_sr.htmlhttp://www.novell.com/linux/security/advisories/2006_22_sr.htmlhttp://www.novell.com/linux/security/advisories/2006_57_kernel.htmlhttp://www.novell.com/linux/security/advisories/2006_64_kernel.htmlhttp://www.redhat.com/support/errata/RHSA-2006-0617.htmlhttp://www.securityfocus.com/bid/19396http://www.trustix.org/errata/2006/0046/http://www.ubuntu.com/usn/usn-346-1https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=199172https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9809
2006-07-21
Published