CVE-2006-6106

Impact: Moderate
Public Date: 2006-12-14
Bugzilla: 1618241: CVE-2006-6106 security flaw

The MITRE CVE dictionary describes this issue as:

Multiple buffer overflows in the cmtp_recv_interopmsg function in the Bluetooth driver (net/bluetooth/cmtp/capi.c) in the Linux kernel 2.4.22 up to 2.4.33.4 and 2.6.2 before 2.6.18.6, and 2.6.19.x, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via CAPI messages with a large value for the length of the (1) manu (manufacturer) or (2) serial (serial number) field.

Find out more about CVE-2006-6106 from the MITRE CVE dictionary and NIST NVD.
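
The flaw class in the description above, as an added example (not the kernel's code and not part of this advisory): a length-prefixed field copied into a fixed-size buffer, first with the sender's length byte trusted and then with it bounded. The struct, function names, buffer sizes and message layout are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MANU_LEN   64   /* illustrative size of the manufacturer buffer */
#define SERIAL_LEN 8    /* illustrative size of the serial-number buffer */

struct ctrl_info {      /* hypothetical stand-in for the driver's controller record */
    char manu[MANU_LEN];
    char serial[SERIAL_LEN];
};

/* Flawed pattern: the sender's length byte alone decides how much is copied. */
void copy_field_unchecked(char *dst, const unsigned char *msg, size_t off)
{
    memcpy(dst, msg + off + 1, msg[off]);   /* overflows dst if msg[off] > its size */
}

/*
 * Bounded pattern: msg[off] is the sender-supplied length, followed by the data.
 * Returns the number of bytes stored, or -1 if the field is not fully present.
 */
int copy_field(char *dst, size_t dst_size,
               const unsigned char *msg, size_t msg_len, size_t off)
{
    size_t claimed, n;

    if (off >= msg_len)
        return -1;                          /* length byte itself is missing */
    claimed = msg[off];
    if (claimed > msg_len - off - 1)
        return -1;                          /* field runs past the received data */
    n = claimed < dst_size ? claimed : dst_size;   /* clamp to the destination */
    memset(dst, 0, dst_size);
    memcpy(dst, msg + off + 1, n);
    return (int)n;
}

int main(void)
{
    struct ctrl_info c;
    unsigned char msg[202];                 /* constructed sample message */

    memset(msg, 'A', sizeof msg);
    msg[0] = 200;                           /* claims 200 bytes for an 8-byte field */
    printf("stored %d of %u claimed bytes\n",
           copy_field(c.serial, sizeof c.serial, msg, sizeof msg, 0),
           (unsigned)msg[0]);
    return 0;
}
```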

Statement

Red Hat is aware of this issue and is tracking it for Red Hat Enterprise Linux 4 via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218602

This issue does not affect the version of the Linux kernel shipped with Red Hat Enterprise Linux 2.1 or 3.

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux 4 (kernel) | RHSA-2007:0014 | 2007-01-30

CVE description copyright © 2017, The MITRE Corporation