path: root/retired/CVE-2007-2242
Candidate: CVE-2007-2242
References: 
 http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.20.y.git;a=commit;h=010831ab8436dfd9304b203467566fb6b135c24f
 http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.20.y.git;a=commit;h=9d08f139275450f9366d85ba09b9a2e09bb33766
Description: 
 The IPv6 protocol allows remote attackers to cause a denial of service via
 crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network
 amplification between two routers.
Ubuntu-Description: 
 A flaw was discovered in the IPv6 stack's handling of type 0 route headers.
 By sending a specially crafted IPv6 packet, a remote attacker could cause
 a denial of service between two IPv6 hosts.
Notes: 
 dannf> Some info from Vlad Yasevich:
 <vlad> dannf: is someone including commits 010831ab8436dfd9304b203467566fb6b135c24f and 9d08f139275450f9366d85ba09b9a2e09bb33766 (IPv6 routing header changes) in the debian kernel?
 ...
 <dannf> vlad: right, but (010831ab8436dfd9304b203467566fb6b135c24f) is security, so it'll be included in etch if necessary
 <dannf> s/necessary/affected/
 <vlad> dannf: you need the second one I listed as well, since the first one has a bug in it.
 <dannf> vlad: oh, ok - thx
 <vlad> dannf: although for the purposes of 2.6.18, the second one might be a no-op and the first one might need to be modified a bit.
 jmm> Contacted Willy
 dannf> functions are different, but 2.4 code looks similar
 dannf> My 2.4 backport attempt causes a crash at boot time, ignoring for now
Bugs: 421595
upstream: released (2.6.21)
linux-2.6: released (2.6.21-1)
2.6.18-etch-security: released (2.6.18.dfsg.1-13etch1) [bugfix/ipv6-disallow-RH0-by-default.patch]
2.6.8-sarge-security: needed
2.4.27-sarge-security: ignored (2.4.27-10sarge6) "needs port"
2.6.15-dapper-security: released (2.6.15-29.58)
2.6.17-edgy-security: released (2.6.17.1-11.39) [fee89820efa8e3479b39149dcfb2b1bccdaadedc]
2.6.20-feisty-security: released (2.6.20-16.28)
