CVE-2007-1592
Date: (C)2007-03-22   (M)2023-12-22


net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 inadvertently copies the ipv6_fl_socklist from a listening TCP socket to child sockets, which allows local users to cause a denial of service (OOPS) or double free by opening a listening IPv6 socket, attaching a flow label, and connecting to that socket.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.9
Exploit Score: 3.9
Impact Score: 6.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
  
Reference:
BID-23104
SECUNIA-24618
SECUNIA-24777
SECUNIA-25078
SECUNIA-25099
SECUNIA-25226
SECUNIA-25288
SECUNIA-25392
SECUNIA-25630
SECUNIA-25683
SECUNIA-25714
SECUNIA-25961
SECUNIA-26379
SECUNIA-27528
SECUNIA-29058
ADV-2007-1084
DSA-1286
DSA-1304
DSA-1503
MDKSA-2007:078
MDVSA-2011:051
RHBA-2007-0304
RHSA-2007:0347
RHSA-2007:0436
RHSA-2007:0672
RHSA-2007:0673
SUSE-SA:2007:029
SUSE-SA:2007:030
SUSE-SA:2007:035
SUSE-SA:2007:043
USN-464-1
http://marc.info/?l=linux-netdev&m=117406721731891&w=2
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=233478
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d35690beda1429544d46c8eb34b2e3a8c37ab299
http://support.avaya.com/elmodocs2/security/ASA-2007-404.htm
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.4
kernel-tcpv6synrecvsoc-dos(33176)
oval:org.mitre.oval:def:10130

CPE    238
cpe:/o:linux:linux_kernel:2.6.20.19
cpe:/o:linux:linux_kernel:2.6.20.11
cpe:/o:linux:linux_kernel:2.6.20.12
cpe:/o:linux:linux_kernel:2.6.20.13
...
CWE    1
CWE-119
OVAL    1
oval:org.mitre.oval:def:8063

© SecPod Technologies