
CVE-2007-2172
Date: (C)2007-04-22   (M)2024-02-22


A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 causes RTA_MAX to be used as an array size instead of RTN_MAX, which leads to an "out of bound access" by the (1) dn_fib_props (dn_fib.c, DECNet) and (2) fib_props (fib_semantics.c, IPv4) functions.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.7
Exploit Score: 3.4
Impact Score: 6.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
  
Reference:
BID-23447
SECUNIA-25068
SECUNIA-25288
SECUNIA-25392
SECUNIA-25838
SECUNIA-26289
SECUNIA-26450
SECUNIA-26620
SECUNIA-26647
SECUNIA-27913
SECUNIA-29058
SECUNIA-33280
ADV-2007-2690
DSA-1356
DSA-1363
DSA-1503
DSA-1504
MDKSA-2007:171
MDKSA-2007:196
MDKSA-2007:216
RHSA-2007:0347
RHSA-2007:0488
RHSA-2007:1049
RHSA-2008:0787
USN-464-1
http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.21-rc6
http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.35
http://www.mail-archive.com/git-commits-head%40vger.kernel.org/msg08269.html
http://www.mail-archive.com/git-commits-head%40vger.kernel.org/msg08270.html
kernel-dnfibprops-fibprops-dos(33979)
oval:org.mitre.oval:def:10764

CPE    18
cpe:/o:linux:linux_kernel:2.6.21:rc1
cpe:/o:linux:linux_kernel:2.6.21:rc2
cpe:/o:linux:linux_kernel:2.6.21:rc3
cpe:/o:debian:debian_linux:3.1
...
CWE    1
CWE-20
OVAL    3
oval:org.mitre.oval:def:8130
oval:org.mitre.oval:def:8063
oval:org.secpod.oval:def:500526

© SecPod Technologies