CVE-2006-6058

Description

The minix filesystem code in Linux kernel 2.6.x before 2.6.24, including 2.6.18, allows local users to cause a denial of service (hang) via a malformed minix file stream that triggers an infinite loop in the minix_bmap function. NOTE: this issue might be due to an integer overflow or signedness error.

CVSS Metrics

• v2.0•MEDIUM•Score: 4AV:L/AC:H/Au:N/C:N/I:N/A:C

EPSS Trends

Current EPSS score: 0.34%• Percentile: 57%

Techniques & Countermeasures

• CWE-189•Numeric Errors

  Weaknesses in this category are related to improper calculation or conversion of numbers.

Affected Systems

• linux•linux_kernel

  2.6.0 | 2.6.1 | 2.6.2 | 2.6.3 | 2.6.4 | 2.6.5 | 2.6.6 | 2.6.7 | 2.6.8 | 2.6.8.1 | 2.6.9:2.6.20 | 2.6.10 | 2.6.11 | 2.6.11.1 | 2.6.11.2 | 2.6.11.3 | 2.6.11.4 | 2.6.11.5 | 2.6.11.6 | 2.6.11.7 | 2.6.11.8 | 2.6.11.9 | 2.6.11.10 | 2.6.11.11 | 2.6.11.12 | 2.6.12 | 2.6.12.1 | 2.6.12.2 | 2.6.12.3 | 2.6.12.4 | 2.6.12.5 | 2.6.12.6 | 2.6.13 | 2.6.13.1 | 2.6.13.2 | 2.6.13.3 | 2.6.13.4 | 2.6.13.5 | 2.6.14 | 2.6.14.1 | 2.6.14.2 | 2.6.14.3 | 2.6.14.4 | 2.6.14.5 | 2.6.14.6 | 2.6.14.7 | 2.6.15 | 2.6.15.1 | 2.6.15.2 | 2.6.15.3 | 2.6.15.4 | 2.6.15.5 | 2.6.15.6 | 2.6.15.7 | 2.6.16 | 2.6.16.1 | 2.6.16.2 | 2.6.16.3 | 2.6.16.4 | 2.6.16.5 | 2.6.16.6 | 2.6.16.7 | 2.6.16.8 | 2.6.16.9 | 2.6.16.10 | 2.6.16.11 | 2.6.16.12 | 2.6.16.13 | 2.6.16.14 | 2.6.16.15 | 2.6.16.16 | 2.6.16.17 | 2.6.16.18 | 2.6.16.19 | 2.6.16.20 | 2.6.16.21 | 2.6.16.22 | 2.6.16.23 | 2.6.16.24 | 2.6.16.25 | 2.6.16.26 | 2.6.16.27 | 2.6.16.28 | 2.6.16.29 | 2.6.16.30 | 2.6.16.31 | 2.6.16.32 | 2.6.16.33 | 2.6.17 | 2.6.17.1 | 2.6.17.2 | 2.6.17.3 | 2.6.17.4 | 2.6.17.5 | 2.6.17.6 | 2.6.17.7 | 2.6.17.8 | 2.6.17.9 | 2.6.17.10 | 2.6.17.11 | 2.6.17.12 | 2.6.17.13 | 2.6.17.14 | 2.6.18 | 2.6.18:rc1 | 2.6.18:rc2 | 2.6.18:rc3 | 2.6.18:rc4 | 2.6.18:rc5 | 2.6.18:rc6 | 2.6.18:rc7 | 2.6.18.1 | 2.6.18.2 | 2.6.18.3 | 2.6.18.4 | 2.6.18.5 | 2.6.18.6 | 2.6.18.7 | 2.6.18.8 | 2.6.19 | 2.6.19:rc1 | 2.6.19:rc2 | 2.6.19:rc3 | 2.6.19:rc4 | 2.6.19.1 | 2.6.19.2 | 2.6.19.3 | 2.6.20 | 2.6.20:rc2 | 2.6.20.1 | 2.6.20.2 | 2.6.20.3 | 2.6.20.4 | 2.6.20.5 | 2.6.20.6 | 2.6.20.7 | 2.6.20.8 | 2.6.20.9 | 2.6.20.10 | 2.6.20.11 | 2.6.20.12 | 2.6.20.13 | 2.6.20.14 | 2.6.20.15 | 2.6.21 | 2.6.21:git1 | 2.6.21:git2 | 2.6.21:git3 | 2.6.21:git4 | 2.6.21:git5 | 2.6.21:git6 | 2.6.21:git7 | 2.6.21:rc3 | 2.6.21:rc4 | 2.6.21:rc5 | 2.6.21:rc6 | 2.6.21:rc7 | 2.6.21.1 | 2.6.21.2 | 2.6.21.3 | 2.6.21.4 | 2.6.22 | 2.6.22:rc6 | 2.6.22.1 | 2.6.22.3 | 2.6.22.4 | 2.6.22.5 | 2.6.22.6 | 2.6.22.7 | 2.6.22.16 | 2.6.23 | 2.6.23:rc1 | 2.6.23:rc2 | 2.6.23.1 | 2.6.23.2 | 2.6.23.3 | 2.6.23.4 | 2.6.23.5 | 2.6.23.6 | 2.6.23.7 | 2.6.23.9 | 2.6.23.14

References (27)

• http://projects.info-pull.com/mokb/MOKB-17-11-2006.html
• https://issues.rpath.com/browse/RPL-1929
• http://www.debian.org/security/2007/dsa-1436
• http://secunia.com/advisories/27703
• http://secunia.com/advisories/28141
• http://secunia.com/advisories/28706
• http://secunia.com/advisories/27528
• http://secunia.com/advisories/26379
• http://www.mandriva.com/security/advisories?name=MDKSA-2007:226
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:112
• http://www.debian.org/security/2008/dsa-1504
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:008
• http://www.novell.com/linux/security/advisories/2007_59_kernel.html
• http://secunia.com/advisories/28654
• http://secunia.com/advisories/23034
• http://www.redhat.com/support/errata/RHSA-2007-0672.html
• http://www.vupen.com/english/advisories/2006/4613
• http://www.ubuntu.com/usn/usn-558-1
• http://www.ubuntu.com/usn/usn-574-1
• http://secunia.com/advisories/29058
• http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24
• http://secunia.com/advisories/28971
• http://secunia.com/advisories/28170
• http://www.mandriva.com/security/advisories?name=MDKSA-2007:232
• http://secunia.com/advisories/27614
• http://www.ubuntu.com/usn/usn-578-1
• http://support.avaya.com/elmodocs2/security/ASA-2007-404.htm