CVE-2006-5751

Description

Integer overflow in the get_fdb_entries function in net/bridge/br_ioctl.c in the Linux kernel before 2.6.18.4 allows local users to execute arbitrary code via a large maxnum value in an ioctl request.

7.2

CVSS

Severity: High

CVSS 2.0 •

EPSS 0.07%

Vendor Advisory novell.com Vendor Advisory redhat.com Vendor Advisory mandriva.com Vendor Advisory novell.com Vendor Advisory debian.org Vendor Advisory mandriva.com Vendor Advisory ubuntu.com

Affected: n/a n/a

References

Link	Tags
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ba8379b220509e9448c00a77cf6c15ac2a559cc7
http://www.novell.com/linux/security/advisories/2006_79_kernel.html	vendor advisory
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.18.4
https://issues.rpath.com/browse/RPL-803
http://secunia.com/advisories/23073	third party advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10151	vdb entry signature
http://www.vupen.com/english/advisories/2006/4781	vdb entry
http://rhn.redhat.com/errata/RHSA-2007-0014.html	vendor advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:012	vendor advisory
http://secunia.com/advisories/23593	third party advisory
http://www.novell.com/linux/security/advisories/2007_21_kernel.html	vendor advisory
https://issues.rpath.com/browse/RPL-837
http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm
http://secunia.com/advisories/23384	third party advisory
http://secunia.com/advisories/23752	third party advisory
http://secunia.com/advisories/24206	third party advisory
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=blobdiff%3Bh=4c61a7e0a86e1ae9e16867f9f8e4b0412b8edbaf%3Bhp=4e4119a1213925568b8a1acdef9bf52b98b19da3%3Bhb=ba8379b220509e9448c00a77cf6c15ac2a559cc7%3Bf=net/bridge/br_ioctl.c
http://secunia.com/advisories/23252	third party advisory
http://secunia.com/advisories/23474	third party advisory
http://projects.info-pull.com/mokb/MOKB-29-11-2006.html
http://www.us.debian.org/security/2006/dsa-1233	vendor advisory
http://secunia.com/advisories/23370	third party advisory
http://secunia.com/advisories/23997	third party advisory
http://www.securityfocus.com/bid/21353	vdb entry patch
http://secunia.com/advisories/24547	third party advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:002	vendor advisory
http://www.ubuntu.com/usn/usn-395-1	vendor advisory
http://www.securityfocus.com/archive/1/453681/100/0/threaded	mailing list
https://exchange.xforce.ibmcloud.com/vulnerabilities/30588	vdb entry

Frequently Asked Questions

What is the severity of CVE-2006-5751?: CVE-2006-5751 has been scored as a high severity vulnerability.
How to fix CVE-2006-5751?: To fix CVE-2006-5751, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2006-5751 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2006-5751 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.