170701 – Kernel: ipv6_getsockopt_sticky() DoS and Information Leak (CVE-2007-1000)

Bug 170701 - Kernel: ipv6_getsockopt_sticky() DoS and Information Leak (CVE-2007-1000)

Summary: Kernel: ipv6_getsockopt_sticky() DoS and Information Leak (CVE-2007-1000)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://git.kernel.org/git/?p=linux/ke...
Whiteboard:	[linux <2.6.16.44] [linux >=2.6.17 <2...
Keywords:

Duplicates (1):	170878 (view as bug list)
Depends on:
Blocks:

Reported:	2007-03-13 08:42 UTC by Jakub Moc (RETIRED)
Modified:	2009-07-22 13:43 UTC (History)
CC List:	5 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jakub Moc (RETIRED) gentoo-dev

2007-03-13 08:42:43 UTC

Description:
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or disclose potentially sensitive information.

The vulnerability is due to a NULL pointer dereference within the "ipv6_getsockopt_sticky()" function in net/ipv6/ipv6_sockglue.c. This can be exploited to crash the kernel or disclose kernel memory.

The vulnerability is reported in versions prior to 2.6.20.2.

Solution:
Update to version 2.6.20.2.

Provided and/or discovered by:
Reported by an anonymous person.

Original Advisory:
http://bugzilla.kernel.org/show_bug.cgi?id=8134
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.2

Comment 1 Christian Heim (RETIRED) gentoo-dev

2007-03-16 13:21:13 UTC

*** Bug 170878 has been marked as a duplicate of this bug. ***

Comment 2 Jakub Moc (RETIRED) gentoo-dev

2008-01-14 23:16:45 UTC

Don't see anything useful in keeping this bug open...