| 1 |
Candidate: CVE-2007-1592
|
| 2 |
References:
|
| 3 |
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d35690beda1429544d46c8eb34b2e3a8c37ab299
|
| 4 |
Description:
|
| 5 |
net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3
|
| 6 |
inadvertently copies the ipv6_fl_socklist from a listening TCP socket
|
| 7 |
to child sockets, which allows local users to cause a denial of
|
| 8 |
service (OOPS) or double-free by opening a listening IPv6 socket,
|
| 9 |
attaching a flow label, and connecting to that socket.
|
| 10 |
Ubuntu-Description:
|
| 11 |
Masayuki Nakagawa discovered an error in the flowlabel handling of
|
| 12 |
IPv6 network sockets. A local attacker could exploit this to crash
|
| 13 |
the kernel.
|
| 14 |
Notes:
|
| 15 |
Bugs:
|
| 16 |
upstream: released (2.6.20.4, 2.6.21-rc5)
|
| 17 |
linux-2.6: released (2.6.20-1)
|
| 18 |
2.6.18-etch-security: released (2.6.18.dfsg.1-12etch1) [bugfix/ipv6_fl_socklist-no-share.patch]
|
| 19 |
2.6.8-sarge-security: released (2.6.8-16sarge7) [ipv6_fl_socklist-no-share.dpatch]
|
| 20 |
2.4.27-sarge-security: released (2.4.27-10sarge6) [243_ipv6_fl_socklist-no-share.diff]
|
| 21 |
2.6.15-dapper-security: released (2.6.15-28.54)
|
| 22 |
2.6.17-edgy-security: released (2.6.17.1-11.38)
|
| 23 |
2.6.20-feisty-security: released (2.6.20-16.28)
|
Parent Directory
| 
Revision Log