CompuWorld » linux bugs http://www.nofullstop.com The Genius Inside You Is Still Sleeping Thu, 09 Sep 2010 17:25:53 +0000 en hourly 1 http://wordpress.org/?v=3.0.1 Linux Kernel IPv6 Sockets DoS Vulnerability http://www.nofullstop.com/2007/03/23/linux-kernel-ipv6-sockets-dos-vulnerability/ http://www.nofullstop.com/2007/03/23/linux-kernel-ipv6-sockets-dos-vulnerability/#comments Fri, 23 Mar 2007 15:30:00 +0000 Salman http://www.nofullstop.com/2007/03/23/linux-kernel-ipv6-sockets-dos-vulnerability/ A kernel vulnerability has been found today by Masayuki Nakagawa, which can be exploited by local attackers to cause a denial of service (DoS) attack.

Affected Software
Linux Kernel versions 2.6.x

Description

A vulnerability has been identified in Linux Kernel, which could be exploited by local attackers to cause a denial of service. This issue is due to an error in the tcp_v6_syn_recv_soc()” [net/ipv6/tcp_ipv6.c] function where the IPv6 flow list (ipv6_fl_socklist) is shared with child sockets, which could be exploited by malicious users to crash an affected system by manipulating listening IPv6 TCP sockets.

This issue has been rated as low risk and can only be exploited locally and not remotely.

Workaround Available

Apply patch :
http://www.marc.info/?l=linux-netdev&m=117406721731891

References for this kernel vulnerability can be found here and here.

© CompuWorld - because The Genius Inside You Is Still Sleeping.

Tags:

Related posts

  • No related posts.
]]> http://www.nofullstop.com/2007/03/23/linux-kernel-ipv6-sockets-dos-vulnerability/feed/ 0