CVE-2006-2444
HighThe snmp_trap_decode function in the SNMP NAT helper for Linux kernel before 2.6.16.18 allows remote attackers to cause a denial of service (crash) via unspecified remote attack vectors that cause failures in snmp_trap_decode that trigger (1) frees of random memory or (2) frees of previously-freed memory (double-free) by snmp_trap_decode as well as its calling function, as demonstrated via certain test cases of the PROTOS SNMP test suite.
CVSS 2.0 score
7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C
References
The following references provide additional information about CVE-2006-2444 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
-
-
-
-
-
-
-
-
-
-
-
-
-
Securitytrackerhttp://securitytracker.com/id?1016153
-
-
-
Debian Securityhttp://www.debian.org/security/2006/dsa-1183
-
Debian Securityhttp://www.debian.org/security/2006/dsa-1184
-
US Government Resource
-
-
-
-
-
-
-
-
-
-
Securityfocushttp://www.securityfocus.com/bid/18081
-
Ubuntu Securityhttp://www.ubuntu.com/usn/usn-302-1
-
-
-
-
PatchKernel patch commithttp://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.18
-
PatchKernel patch commithttp://secunia.com/advisories/20225
Frequently asked questions
-
What is CVE-2006-2444?
CVE-2006-2444 is a High severity Linux kernel vulnerability with a CVSS score of 7.8 out of 10 . CVE-2006-2444 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
-
What is the CVSS score for CVE-2006-2444?
CVE-2006-2444 has a CVSS score of 7.8 out of 10, rated High severity (CVSS 2.0). The vector string is
AV:N/AC:L/Au:N/C:N/I:N/A:C. -
Is there a patch available for CVE-2006-2444?
No patch is currently available for CVE-2006-2444. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
-
Is CVE-2006-2444 actively exploited?
No — CVE-2006-2444 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.