
Bug 176717

Summary: Kernel: Fib_Semantics.C Out Of Bounds Access Vulnerability (CVE-2007-2172)
Product: Gentoo Security Reporter: Sune Kloppenborg Jeppesen (RETIRED) <jaervosz>
Component: Kernel Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: sgtphou, unnamedrambler
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.securityfocus.com/bid/23447/info
Whiteboard: [linux < 2.6.21][gp < 2.6.21-1]
Package list:
Runtime testing required: ---

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-05-01 18:30:33 UTC
The Linux kernel is prone to an out-of-bounds-access vulnerability. This issue occurs because the semantics for IPv4 Forwarding Information Base fail to adequately bounds-check user-supplied data before accessing an array.

An attacker can exploit this issue to cause denial-of-service conditions. Arbitrary code execution may also be possible, but this has not been confirmed.

Versions prior to 2.6.21-rc6 are vulnerable.
Comment 1 unnamedrambler 2008-03-08 19:39:38 UTC
metadata:
[linux < 2.6.21] a0ee18b9b7d3847976c6fb315c06a34fb296de0e
[gp < 2.6.21-1]