{"vuid":"VU#920689","idnumber":"920689","name":"Linux Kernel vulnerable to DoS via the ipv6_getsockopt_sticky() function","keywords":["Linux Kernel","DoS","denial of service","null pointer dereference","ipv6_getsockopt_sticky() function","net/ipv6/ipv6_sockglue.c"],"overview":"The Linux Kernel contains a vulnerability that may allow a remote attacker to create a denial-of-service condition.","clean_desc":"Internet Protocol version 6 (IPv6) is a IP standard that is designed to replace the Internet Protocol version 4 (IPv4). The Linux kernel provides IPv6 support, and Linux vendors may enable IPv6 by default. The Linux kernel contains a condition that may allow a null pointer to be dereferenced during a memory allocation by the ipv6_getsockopt_sticky() function in net/ipv6/ipv6_sockglue.c. Note that this vulnerability may be present in both the 2.4 and 2.6 versions of the Linux kernel.","impact":"A remote unauthenticated attacker may be able to cause the kernel to panic (Oops) on a vulnerable system, thereby creating a denial of service.. If the vulnerable software is running on a server, all clients that rely on the server will also be affected.","resolution":"Upgrade\nThis issue has been addressed in Linux kernel version 2.6.20.2. Users who do not compile their kernels from source should contact their operating system vendor for updated kernel packages.","workarounds":"Disable IPv6 If IPv6 functionality is not needed, disabling it may mitigate this vulnerability. Adding alias net-pf-10 ipv6 off to your modprobe configuration file and rebooting may disable IPv6 functionality.","sysaffected":"","thanks":"Thanks to \nChris Wright\n for information that was used in this report.","author":"This document was written by Ryan Giobbi.","public":["http://bugzilla.kernel.org/show_bug.cgi?id=8134","http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.2","https://www.securecoding.cert.org/confluence/display/seccode/Do+not+dereference+invalid+pointers","http://www.kernel.org/","http://secunia.com/advisories/24493/","http://en.wikipedia.org/wiki/Ipv6","http://en.wikipedia.org/wiki/Ipv4"],"cveids":["CVE-2007-1000"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2007-03-12T18:12:14Z","publicdate":"2007-03-12T00:00:00Z","datefirstpublished":"2007-03-13T17:54:21Z","dateupdated":"2007-03-13T19:20:16Z","revision":20,"vrda_d1_directreport":"0","vrda_d1_population":"2","vrda_d1_impact":"3","cam_widelyknown":"17","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"10","cam_impact":"10","cam_easeofexploitation":"6","cam_attackeraccessrequired":"15","cam_scorecurrent":"3.7125","cam_scorecurrentwidelyknown":"4.21875","cam_scorecurrentwidelyknownexploited":"7.59375","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":3.7125,"vulnote":null}