CVE-2006-2444

Description

The snmp_trap_decode function in the SNMP NAT helper for Linux kernel before 2.6.16.18 allows remote attackers to cause a denial of service (crash) via unspecified remote attack vectors that cause failures in snmp_trap_decode that trigger (1) frees of random memory or (2) frees of previously-freed memory (double-free) by snmp_trap_decode as well as its calling function, as demonstrated via certain test cases of the PROTOS SNMP test suite.

7.8

CVSS

Severity: High

CVSS 2.0 •

EPSS 69.80% Top 5%

Vendor Advisory redhat.com Vendor Advisory novell.com Vendor Advisory redhat.com Vendor Advisory novell.com Vendor Advisory debian.org Vendor Advisory ubuntu.com Vendor Advisory novell.com Vendor Advisory redhat.com Vendor Advisory mandriva.com Vendor Advisory debian.org Vendor Advisory secunia.com

Affected: n/a n/a

References

Link	Tags
http://www.redhat.com/support/errata/RHSA-2006-0437.html	vendor advisory
http://www.novell.com/linux/security/advisories/2006_42_kernel.html	vendor advisory
http://securitytracker.com/id?1016153	vdb entry
http://www.redhat.com/support/errata/RHSA-2006-0617.html	vendor advisory
http://secunia.com/advisories/20716	third party advisory
http://secunia.com/advisories/21605	third party advisory
http://www.novell.com/linux/security/advisories/2006_47_kernel.html	vendor advisory
http://www.osvdb.org/25750	vdb entry
http://secunia.com/advisories/21136	third party advisory
http://www.debian.org/security/2006/dsa-1183	vendor advisory
http://secunia.com/advisories/20182	third party advisory
http://www.ubuntu.com/usn/usn-302-1	vendor advisory
http://www.vupen.com/english/advisories/2006/1916	vdb entry
http://secunia.com/advisories/22082	third party advisory
http://secunia.com/advisories/21983	third party advisory
http://www.novell.com/linux/security/advisories/2006_64_kernel.html	vendor advisory
http://secunia.com/advisories/21035	third party advisory
http://secunia.com/advisories/22174	third party advisory
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.18	patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11318	signature vdb entry
http://www.redhat.com/support/errata/RHSA-2006-0580.html	vendor advisory
http://support.avaya.com/elmodocs2/security/ASA-2006-180.htm
http://secunia.com/advisories/22822	third party advisory
http://secunia.com/advisories/20225	patch vendor advisory third party advisory
http://www.securityfocus.com/bid/18081	vdb entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/26594	vdb entry
http://secunia.com/advisories/21498	third party advisory
http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm
http://www.kb.cert.org/vuls/id/681569	third party advisory us government resource
http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git%3Ba=commit%3Bh=1db6b5a66e93ff125ab871d6b3f7363412cc87e8
http://secunia.com/advisories/22093	third party advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:087	vendor advisory
http://www.debian.org/security/2006/dsa-1184	vendor advisory
http://secunia.com/advisories/21179	third party advisory

Frequently Asked Questions

What is the severity of CVE-2006-2444?: CVE-2006-2444 has been scored as a high severity vulnerability.
How to fix CVE-2006-2444?: To fix CVE-2006-2444, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2006-2444 being actively exploited in the wild?: It is possible that CVE-2006-2444 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~70% probability that this vulnerability will be exploited by malicious actors in the next 30 days.