blob: 147102c14039270af712ef355e6c23f94323d1d3 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
Candidate: CVE-2007-1496
References:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=dd16704eba171b32ef0cded3a4f562b33b911066
Description:
nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows
attackers to cause a denial of service (crash) via unspecified
vectors involving the (1) nfulnl_recv_config function, (2) using
"multiple packets per netlink message", and (3) bridged packets,
which trigger a NULL pointer dereference.
Ubuntu-Description:
A Denial of Service vulnerability was discovered in the
nfnetlink_log() netfilter function. A remote attacker could exploit
this to trigger a kernel crash.
Notes:
dannf> file doesn't exist in 2.4.27/2.6.8
Bugs:
upstream: released (2.6.20.3, 2.6.21)
linux-2.6: released (2.6.20-1)
2.6.18-etch-security: released (2.6.18.dfsg.1-12etch2) [bugfix/nfnetlink_log-null-deref.patch]
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.6.15-dapper-security: released (2.6.15-28.53)
2.6.17-edgy-security: released (2.6.17.1-11.38)
2.6.20-feisty-security: N/A
|
