Vulnerability in the ftdi_sio driver (usb/serial/ftdi_sio.c) in the Linux kernel 2.6.x through 2.6.17 and possibly later versions, denial of service (CVE-2006-2936)
CVSS v2.0 severity:
HIGH
Type:
CWE-399
Resource management errors
Publication date:
10/07/2006
Last modified:
03/04/2025
Description
The ftdi_sio driver (usb/serial/ftdi_sio.c) in the Linux kernel 2.6.x through 2.6.17, and possibly later versions, allows local users to cause a denial of service (memory consumption) by writing more data to the serial port than the hardware can handle, which causes the data to be queued.
Impact
Base score 2.0
7.80
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | To |
---|---|---|
cpe:2.3:o:linux:linux_kernel:2.6.0:*:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:2.6.1:*:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:2.6.1:rc1:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:2.6.1:rc2:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:2.6.1:rc3:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:2.6.2:*:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:2.6.2:rc1:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:2.6.2:rc2:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:2.6.2:rc3:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:2.6.3:*:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:2.6.3:rc1:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:2.6.3:rc2:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:2.6.3:rc3:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:2.6.3:rc4:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:2.6.4:*:*:*:*:*:*:* |
For the full list of CPE names with products and versions, see this page
References to solutions, tools and information
- http://secunia.com/advisories/20703
- http://secunia.com/advisories/21057
- http://secunia.com/advisories/21298
- http://secunia.com/advisories/21605
- http://secunia.com/advisories/21614
- http://secunia.com/advisories/21934
- http://secunia.com/advisories/22093
- http://secunia.com/advisories/22174
- http://secunia.com/advisories/24547
- http://secunia.com/advisories/25226
- http://secunia.com/advisories/25683
- http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm
- http://www.debian.org/security/2006/dsa-1184
- http://www.kernel.org/git/?p=linux/kernel/git/gregkh/patches.git%3Ba%3Dblob%3Bh%3D4b4d9cfea17618b80d3ac785b701faeaf60141f1%3Bhb%3D396eb2aac550ec55856c6843ef9017e800c3d656
- http://www.mandriva.com/security/advisories?name=MDKSA-2006%3A150
- http://www.mandriva.com/security/advisories?name=MDKSA-2006%3A151
- http://www.novell.com/linux/security/advisories/2007_18_kernel.html
- http://www.novell.com/linux/security/advisories/2007_21_kernel.html
- http://www.novell.com/linux/security/advisories/2007_30_kernel.html
- http://www.novell.com/linux/security/advisories/2007_35_kernel.html
- http://www.osvdb.org/27119
- http://www.redhat.com/support/errata/RHSA-2006-0617.html
- http://www.securityfocus.com/archive/1/440300/100/0/threaded
- http://www.securityfocus.com/bid/19033
- http://www.ubuntu.com/usn/usn-331-1
- http://www.ubuntu.com/usn/usn-346-1
- http://www.vupen.com/english/advisories/2006/2841
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=197610
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27807
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10265