CVE-2006-5158

The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (process crash) and deny access to NFS exports via unspecified vectors that trigger a kernel oops (null dereference) and a deadlock.

CVSS v3 7.5 HIGH
CVSS v2.0 3.3 LOW

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

3.3^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:A/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 6.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=linux-kernel&m=113476665626446&w=2	Mailing List
http://marc.info/?l=linux-kernel&m=113494474208973&w=2	Mailing List Patch
http://rhn.redhat.com/errata/RHSA-2007-0488.html	Third Party Advisory
http://secunia.com/advisories/23361	Broken Link Vendor Advisory
http://secunia.com/advisories/23384	Broken Link Vendor Advisory
http://secunia.com/advisories/23752	Broken Link Vendor Advisory
http://secunia.com/advisories/25838	Broken Link Vendor Advisory
http://secunia.com/advisories/26289	Broken Link
http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm	Third Party Advisory
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9b5b1f5bf9dcdb6f23abf65977a675eb4deba3c0	Broken Link
http://www.mandriva.com/security/advisories?name=MDKSA-2007:012	Patch Third Party Advisory
http://www.novell.com/linux/security/advisories/2006_57_kernel.html	Broken Link
http://www.securityfocus.com/bid/21581	Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-395-1	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10128	Broken Link

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:4.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:4.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:5.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::*

History

15 Feb 2024, 20:23

Type	Values Removed	Values Added
References	~~(MLIST) http://marc.info/?l=linux-kernel&m=113476665626446&w=2 -~~	(MLIST) http://marc.info/?l=linux-kernel&m=113476665626446&w=2 - Mailing List
References	~~(MLIST) http://marc.info/?l=linux-kernel&m=113494474208973&w=2 -~~	(MLIST) http://marc.info/?l=linux-kernel&m=113494474208973&w=2 - Mailing List, Patch
References	~~(BID) http://www.securityfocus.com/bid/21581 -~~	(BID) http://www.securityfocus.com/bid/21581 - Broken Link, Third Party Advisory, VDB Entry
References	~~(OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10128 -~~	(OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10128 - Broken Link
References	~~(UBUNTU) http://www.ubuntu.com/usn/usn-395-1 -~~	(UBUNTU) http://www.ubuntu.com/usn/usn-395-1 - Third Party Advisory
References	~~(MANDRIVA) http://www.mandriva.com/security/advisories?name=MDKSA-2007:012 -~~	(MANDRIVA) http://www.mandriva.com/security/advisories?name=MDKSA-2007:012 - Patch, Third Party Advisory
References	~~(SECUNIA) http://secunia.com/advisories/23384 - Vendor Advisory~~	(SECUNIA) http://secunia.com/advisories/23384 - Broken Link, Vendor Advisory
References	~~(CONFIRM) http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm -~~	(CONFIRM) http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm - Third Party Advisory
References	~~(SECUNIA) http://secunia.com/advisories/25838 - Vendor Advisory~~	(SECUNIA) http://secunia.com/advisories/25838 - Broken Link, Vendor Advisory
References	~~(SUSE) http://www.novell.com/linux/security/advisories/2006_57_kernel.html -~~	(SUSE) http://www.novell.com/linux/security/advisories/2006_57_kernel.html - Broken Link
References	~~(SECUNIA) http://secunia.com/advisories/26289 -~~	(SECUNIA) http://secunia.com/advisories/26289 - Broken Link
References	~~(SECUNIA) http://secunia.com/advisories/23752 - Vendor Advisory~~	(SECUNIA) http://secunia.com/advisories/23752 - Broken Link, Vendor Advisory
References	~~() http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9b5b1f5bf9dcdb6f23abf65977a675eb4deba3c0 -~~	() http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9b5b1f5bf9dcdb6f23abf65977a675eb4deba3c0 - Broken Link
References	~~(SECUNIA) http://secunia.com/advisories/23361 - Vendor Advisory~~	(SECUNIA) http://secunia.com/advisories/23361 - Broken Link, Vendor Advisory
References	~~(REDHAT) http://rhn.redhat.com/errata/RHSA-2007-0488.html -~~	(REDHAT) http://rhn.redhat.com/errata/RHSA-2007-0488.html - Third Party Advisory
First Time		Canonical Canonical ubuntu Linux Redhat enterprise Linux Server Redhat Redhat enterprise Linux Eus Redhat enterprise Linux Workstation Redhat enterprise Linux Desktop
CVSS	v2 : ~~3.3~~ v3 : ~~unknown~~	v2 : 3.3 v3 : 7.5
CWE	~~NVD-CWE-Other~~	CWE-667
CPE	cpe:2.3:o:linux:linux_kernel:2.6.11.6:::::::* cpe:2.3:o:linux:linux_kernel:2.6.6:::::::* cpe:2.3:o:linux:linux_kernel:2.6.15.3:::::::* cpe:2.3:o:linux:linux_kernel:2.6.1:::::::* cpe:2.3:o:linux:linux_kernel:2.6.11.4:::::::* cpe:2.3:o:linux:linux_kernel:2.6.15.1:::::::* cpe:2.3:o:linux:linux_kernel:2.6.11.1:::::::* cpe:2.3:o:linux:linux_kernel:2.6.12.6:::::::* cpe:2.3:o:linux:linux_kernel:2.6.14.7:::::::* cpe:2.3:o:linux:linux_kernel:2.6.13:::::::* cpe:2.3:o:linux:linux_kernel:2.6.15.6:::::::* cpe:2.3:o:linux:linux_kernel:2.6.11.2:::::::* cpe:2.3:o:linux:linux_kernel:2.6.11.5:::::::* cpe:2.3:o:linux:linux_kernel:2.6.9:::::::* cpe:2.3:o:linux:linux_kernel:2.6.2:::::::* cpe:2.3:o:linux:linux_kernel:2.6.12.5:::::::* cpe:2.3:o:linux:linux_kernel:2.6.15.5:::::::* cpe:2.3:o:linux:linux_kernel:2.6.15.4:::::::* cpe:2.3:o:linux:linux_kernel:2.6.11:::::::* cpe:2.3:o:linux:linux_kernel:2.6.14.1:::::::* cpe:2.3:o:linux:linux_kernel:2.6.12.2:::::::* cpe:2.3:o:linux:linux_kernel:2.6.13.1:::::::* cpe:2.3:o:linux:linux_kernel:2.6.12:::::::* cpe:2.3:o:linux:linux_kernel:2.6.15.2:::::::* cpe:2.3:o:linux:linux_kernel:2.6.14.6:::::::* cpe:2.3:o:linux:linux_kernel:2.6.14.4:::::::* cpe:2.3:o:linux:linux_kernel:2.6.8.1:::::::* cpe:2.3:o:linux:linux_kernel:2.6.13.4:::::::* cpe:2.3:o:linux:linux_kernel:2.6.14.2:::::::* cpe:2.3:o:linux:linux_kernel:2.6.11.9:::::::* cpe:2.3:o:linux:linux_kernel:2.6.14.5:::::::* cpe:2.3:o:linux:linux_kernel:2.6.10:::::::* cpe:2.3:o:linux:linux_kernel:2.6.13.5:::::::* cpe:2.3:o:linux:linux_kernel:2.6.8:::::::* cpe:2.3:o:linux:linux_kernel:2.6.11.7:::::::* cpe:2.3:o:linux:linux_kernel:2.6.3:::::::* cpe:2.3:o:linux:linux_kernel:2.6.13.3:::::::* cpe:2.3:o:linux:linux_kernel:2.6.11.3:::::::* cpe:2.3:o:linux:linux_kernel:2.6.12.4:::::::* cpe:2.3:o:linux:linux_kernel:2.6.11.8:::::::* cpe:2.3:o:linux:linux_kernel:2.6.11.12:::::::* cpe:2.3:o:linux:linux_kernel:2.6.11.10:::::::* cpe:2.3:o:linux:linux_kernel:2.6.12.1:::::::* cpe:2.3:o:linux:linux_kernel:2.6.12.3:::::::* cpe:2.3:o:linux:linux_kernel:2.6.14.3:::::::* cpe:2.3:o:linux:linux_kernel:2.6.4:::::::* cpe:2.3:o:linux:linux_kernel:2.6.11.11:::::::* cpe:2.3:o:linux:linux_kernel:2.6.14:::::::* cpe:2.3:o:linux:linux_kernel:2.6.13.2:::::::* cpe:2.3:o:linux:linux_kernel:2.6.15:::::::* cpe:2.3:o:linux:linux_kernel:2.6.7:::::::* cpe:2.3:o:linux:linux_kernel:2.6.5:::::::*	cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:::::::* cpe:2.3:o:canonical:ubuntu_linux:5.10:::::::* cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server:4.0:::::::* cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:4.5:::::::*

07 Nov 2023, 01:59

Type	Values Removed	Values Added
References	{'url': 'http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9b5b1f5bf9dcdb6f23abf65977a675eb4deba3c0', 'name': 'http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9b5b1f5bf9dcdb6f23abf65977a675eb4deba3c0', 'tags': [], 'refsource': 'CONFIRM'}	() http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9b5b1f5bf9dcdb6f23abf65977a675eb4deba3c0 -

Information

Published : 2006-10-05 04:04

Updated : 2024-02-28 11:01

NVD link : CVE-2006-5158

Mitre link : CVE-2006-5158

CVE.ORG link : CVE-2006-5158

JSON object : View

Products Affected

linux

linux_kernel

redhat

enterprise_linux_desktop
enterprise_linux_server
enterprise_linux_eus
enterprise_linux_workstation

canonical

ubuntu_linux

CWE

CWE-667

Improper Locking

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

3.3 /10

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2006-5158

7.5^/10

3.3^/10

Attach tags to `CVE-2006-5158`