CVE-2006-3745

Description

Unspecified vulnerability in the sctp_make_abort_user function in the SCTP implementation in Linux 2.6.x before 2.6.17.10 and 2.4.23 up to 2.4.33 allows local users to cause a denial of service (panic) and possibly gain root privileges via unknown attack vectors.

7.2

CVSS

Severity: High

CVSS 2.0 •

EPSS 0.13%

Vendor Advisory mandriva.com Vendor Advisory redhat.com Vendor Advisory debian.org Vendor Advisory mandriva.com Vendor Advisory mandriva.com Vendor Advisory ubuntu.com Vendor Advisory novell.com Vendor Advisory novell.com Vendor Advisory debian.org Vendor Advisory novell.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory vupen.com

Affected: n/a n/a

References

Link	Tags
https://exchange.xforce.ibmcloud.com/vulnerabilities/28530	vdb entry
http://secunia.com/advisories/21934	third party advisory vendor advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:025	vendor advisory
http://secunia.com/advisories/21847	third party advisory vendor advisory
http://www.redhat.com/support/errata/RHSA-2006-0617.html	patch vendor advisory
http://secunia.com/advisories/21695	third party advisory vendor advisory
http://secunia.com/advisories/21605	third party advisory patch vendor advisory
http://www.debian.org/security/2006/dsa-1183	vendor advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:150	vendor advisory
http://www.securityfocus.com/bid/19666	vdb entry
http://www.mandriva.com/security/advisories?name=MDKSA-2006:151	vendor advisory
http://secunia.com/advisories/22082	third party advisory vendor advisory
http://secunia.com/advisories/21614	third party advisory vendor advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10706	vdb entry signature
http://secunia.com/advisories/22174	third party advisory vendor advisory
http://www.securityfocus.com/archive/1/444066/100/0/threaded	mailing list
http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0600.html	mailing list
http://secunia.com/advisories/21576	third party advisory vendor advisory
http://secunia.com/advisories/22148	third party advisory vendor advisory
http://www.ubuntu.com/usn/usn-346-1	vendor advisory
http://www.novell.com/linux/security/advisories/2006_21_sr.html	vendor advisory
http://www.novell.com/linux/security/advisories/2006_22_sr.html	vendor advisory
http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm
https://issues.rpath.com/browse/RPL-611
http://www.vupen.com/english/advisories/2006/3358	vdb entry vendor advisory
http://www.securityfocus.com/archive/1/444887/100/0/threaded	mailing list
http://secunia.com/advisories/22093	third party advisory vendor advisory
http://www.debian.org/security/2006/dsa-1184	vendor advisory
http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.33.2
http://www.novell.com/linux/security/advisories/2006_57_kernel.html	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2006-3745?: CVE-2006-3745 has been scored as a high severity vulnerability.
How to fix CVE-2006-3745?: To fix CVE-2006-3745, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2006-3745 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2006-3745 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.