rPath Security Advisory: 2006-0122-1 Published: 2006-07-07 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Local Deterministic Denial of Service Updated Versions: kernel=/conary.rpath.com@rpl:devel//1/2.6.16.24-0.1-1 References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2451 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2934 https://issues.rpath.com/browse/RPL-488 Description: Previous versions of the kernel package are vulnerable to two denial of service attacks. The first allows any local user to fill up file systems by causing core dumps to write to directories to which they do not have write access permissions. The second applies only to systems using the SCTP protocol, which is not enabled by default, and the tools required to configure it (lksctp-tools) are not included in rPath Linux. This vulnerability, which cannot apply to systems without lksctp-tools installed, enables a remote denial of service attack in which specially-crafted packets can crash the system.