Lucene search

[email protected]CVE-2005-3809

HistoryNov 25, 2005 - 9:03 p.m.

CVE-2005-3809

2005-11-2521:03:00

[email protected]

web.nvd.nist.gov

nfattr_to_tcp

ip_conntrack_proto_tcp.c

ctnetlink

linux kernel

denial of service

null dereference

cve-2005-3809

nvd

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

6.4 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.2%

JSON

The nfattr_to_tcp function in ip_conntrack_proto_tcp.c in ctnetlink in Linux kernel 2.6.14 up to 2.6.14.3 allows attackers to cause a denial of service (kernel oops) via an update message without private protocol information, which triggers a null dereference.

Affected configurations

NVD

Node

linuxlinux_kernelMatch2.6.14

linuxlinux_kernelMatch2.6.14rc1

linuxlinux_kernelMatch2.6.14rc2

linuxlinux_kernelMatch2.6.14rc3

linuxlinux_kernelMatch2.6.14rc4

linuxlinux_kernelMatch2.6.14.1

linuxlinux_kernelMatch2.6.14.2

linuxlinux_kernelMatch2.6.14.3

CPENameOperatorVersion
linux:linux_kernellinux linux kerneleq2.6.14
linux:linux_kernellinux linux kerneleq2.6.14.1
linux:linux_kernellinux linux kerneleq2.6.14.2
linux:linux_kernellinux linux kerneleq2.6.14.3

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	eq	2.6.14
linux:linux_kernel	linux linux kernel	eq	2.6.14.1
linux:linux_kernel	linux linux kernel	eq	2.6.14.2
linux:linux_kernel	linux linux kernel	eq	2.6.14.3

References

marc.info/?l=linux-kernel&m=113269476105016&w=2

www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.14.3

www.osvdb.org/24114

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

6.4 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.2%

JSON

Related for CVE-2005-3809

nvd1 ubuntucve1 cvelist1