Resource exhaustion in Linux kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2006-6060 |
| CWE-ID | CWE-400 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Resource exhaustion
EUVDB-ID: #VU95266
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2006-6060
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The NTFS filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly other versions, allows local users to cause a denial of service (CPU consumption) via a malformed NTFS file stream that triggers an infinite loop in the __find_get_block_slow function.
MitigationInstall update from vendor's repository.
Vulnerable software versionsLinux kernel: All versions
CPE2.3 External linkshttps://projects.info-pull.com/mokb/MOKB-19-11-2006.html
https://secunia.com/advisories/23474
https://secunia.com/advisories/25691
https://secunia.com/advisories/25714
https://www.debian.org/security/2007/dsa-1304
https://www.novell.com/linux/security/advisories/2006_79_kernel.html
https://www.securityfocus.com/archive/1/471457
https://exchange.xforce.ibmcloud.com/vulnerabilities/30418
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
