SB2011021804 - Input validation error in Linux kernel
Published: February 18, 2011 Updated: August 11, 2020
Security Bulletin ID
SB2011021804
Severity
Medium
Patch available
NO
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2011-0709)
The vulnerability allows remote attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (NULL pointer dereference and system crash) via an IGMP packet, related to lack of a multicast table.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7f285fa78d4b81b8458f05e77fb6b46245121b4e
- http://openwall.com/lists/oss-security/2011/02/16/1
- http://openwall.com/lists/oss-security/2011/02/16/14
- http://openwall.com/lists/oss-security/2011/02/16/8
- http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.35/ChangeLog-2.6.35-rc5
- http://www.securityfocus.com/bid/41432
- http://www.spinics.net/lists/netdev/msg134414.html
- http://www.spinics.net/lists/netdev/msg134444.html