CVE-2006-5757
Published 2006-11-06
CVE-2006-5757: Race condition in the __find_get_block_slow function in the ISO9660 filesystem in Linux 2.6.18 and possibly other versions allows local users to cause a denial…
Priority P4 · 13 · low · 1.2 · CVSS 2.0
AV:L/AC:H/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 0.76% (50.7th percentile)
Race condition in the __find_get_block_slow function in the ISO9660 filesystem in Linux 2.6.18 and possibly other versions allows local users to cause a denial of service (infinite loop) by mounting a crafted ISO9660 filesystem containing malformed data structures.
Affected
69 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | — | — |
CVSS provenance
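| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 1.2 | LOW | AV:L/AC:H/Au:N/C:N/I:N/A:P |
| vendor_ubuntu | — | 7.5 | HIGH | — |
| vendor_redhat | — | 1.2 | LOW | — |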
GHSA
GHSA-3643-w49m-fvvm: Race condition in the __find_get_block_slow function in the ISO9660 filesystem in Linux 2
ghsa_unreviewed·2022-05-01
CVE-2006-5757 [LOW] GHSA-3643-w49m-fvvm: Race condition in the __find_get_block_slow function in the ISO9660 filesystem in Linux 2
Race condition in the __find_get_block_slow function in the ISO9660 filesystem in Linux 2.6.18 and possibly other versions allows local users to cause a denial of service (infinite loop) by mounting a crafted ISO9660 filesystem containing malformed data structures.
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2007-02-10·CVSS 7.5
CVE-2006-4572 [HIGH] Linux kernel vulnerabilities
Mark Dowd discovered that the netfilter iptables module did not
correctly handle fragmented IPv6 packets. By sending specially crafted
packets, a remote attacker could exploit this to bypass firewall
rules. This has already been fixed for Ubuntu 6.10 in USN-395-1;
this is the corresponding fix for Ubuntu 6.06. (CVE-2006-4572)
Doug Chapman discovered an improper lock handling in the mincore()
function. A local attacker could exploit this to cause an eternal hang
in the kernel, rendering the machine unusable. (CVE-2006-4814)
Al Viro reported that the ISDN PPP module did not initialize the reset
state timer. By sending specially crafted ISDN packets, a remote
attacker could exploit this to crash the kernel. (CVE-2
Red Hat
security flaw
vendor_redhat·2006-11-05·CVSS 1.2
CVE-2006-5757 [LOW] security flaw
Race condition in the __find_get_block_slow function in the ISO9660 filesystem in Linux 2.6.18 and possibly other versions allows local users to cause a denial of service (infinite loop) by mounting a crafted ISO9660 filesystem containing malformed data structures.
Statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Bugzilla
CVE-2006-5757 security flaw
bugzilla·2018-08-16·CVSS 1.2
CVE-2006-5757 [LOW] CVE-2006-5757 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Race condition in the __find_get_block_slow function in the ISO9660 filesystem in Linux 2.6.18 and possibly other versions allows local users to cause a denial of service (infinite loop) by mounting a crafted ISO9660 filesystem containing malformed data structures.
---
Statement:
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Bugzilla
CVE-2006-5757 ISO9660 __find_get_block_slow() denial of service
bugzilla·2006-11-06·CVSS 1.2
CVE-2006-5757 [LOW] CVE-2006-5757 ISO9660 __find_get_block_slow() denial of service
Reported as MOKB-05-11-2006:
http://projects.info-pull.com/mokb/MOKB-05-11-2006.html
The ISO9660 filesystem handling code of the Linux 2.6.x kernel fails to properly
handle corrupted data structures, leading to an exploitable denial of service
condition. This particular vulnerability seems to be caused by a race condition
and a signedness issue. When performing a read operation on a corrupted ISO9660
fs stream, the isofs_get_blocks() function will enter an infinite loop when
__find_get_block_slow() callback from sb_getblk() fails ("due to various races
between file io on the block device and getblk").
Discussion:
This upstream patch resolves the issue:
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a
Bugzilla
CVE-2006-5757 Linux kernel Filesystem Mount Dead Loop
bugzilla·2006-09-13·CVSS 1.2
CVE-2006-5757 [LOW] CVE-2006-5757 Linux kernel Filesystem Mount Dead Loop
Reported by ADLab, Venustech info Ltd CHINA:
There is a vulnerability in the function __getblk(). When mounting a file system image
with a malformed block value, the Linux kernel will fall into a dead loop. This will lead
to a kernel hang and deny further service.
Function __getblk() is used to seek the corresponding buffer_head of a block in a
specific block device. When processing a block with a block number greater than 4G
that is not mapped to buffer pages (__find_get_block will return NULL),
__getblk_slow will always run and never return.
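```c
struct buffer_head *
__getblk(struct block_device *bdev, sector_t block, int size)
{
	/* Fast path: look the block up in the buffer cache. */
	struct buffer_head *bh = __find_get_block(bdev, block, size);

	might_sleep();
	/* Lookup miss: fall back to the slow path, which the report says never returns. */
	if (bh == NULL)
		bh = __getblk_slow(bdev, block, size);
	return bh;
}
```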
References
http://projects.info-pull.com/mokb/MOKB-05-11-2006.html
http://rhn.redhat.com/errata/RHSA-2007-0014.html
http://secunia.com/advisories/22702
http://secunia.com/advisories/22746
http://secunia.com/advisories/23474
http://secunia.com/advisories/23593
http://secunia.com/advisories/23752
http://secunia.com/advisories/23997
http://secunia.com/advisories/24098
http://secunia.com/advisories/24206
http://secunia.com/advisories/25691
http://secunia.com/advisories/25714
http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm
http://www.debian.org/security/2007/dsa-1304
http://www.mandriva.com/security/advisories?name=MDKSA-2007:002
http://www.mandriva.com/security/advisories?name=MDKSA-2007:012
http://www.novell.com/linux/security/advisories/2006_79_kernel.html
http://www.securityfocus.com/archive/1/471457
http://www.securityfocus.com/bid/20920
http://www.ubuntu.com/usn/usn-416-1
http://www.vupen.com/english/advisories/2006/4359
https://exchange.xforce.ibmcloud.com/vulnerabilities/30029
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10111