iproute 2.4.7 and earlier allows local users to cause a denial of service via spoofed messages as other users to the kernel netlink interface.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Iproute | Stephen_hemminger | * | 2.4.7 (including) |
| Red Hat Enterprise Linux 3 | RedHat | iproute-0:2.4.7-11.30E.1 | * |
| Red Hat Linux 7.1 | RedHat | * | |
| Red Hat Linux 7.2 | RedHat | * | |
| Red Hat Linux 7.3 | RedHat | * | |
| Red Hat Linux 8.0 | RedHat | * | |
| Red Hat Linux 9 | RedHat | * | |
| Busybox | Ubuntu | dapper | * |
| Busybox | Ubuntu | devel | * |
| Busybox | Ubuntu | edgy | * |
| Busybox | Ubuntu | feisty | * |
| Iproute | Ubuntu | dapper | * |
| Iproute | Ubuntu | devel | * |
| Iproute | Ubuntu | edgy | * |
| Iproute | Ubuntu | feisty | * |
References
- http://www.debian.org/security/2004/dsa-492
- http://www.novell.com/linux/security/advisories/2005_01_sr.html
- http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00004.html
- http://www.redhat.com/support/errata/RHSA-2003-316.html
- http://www.redhat.com/support/errata/RHSA-2003-317.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10912
- http://www.debian.org/security/2004/dsa-492
- http://www.novell.com/linux/security/advisories/2005_01_sr.html
- http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00004.html
- http://www.redhat.com/support/errata/RHSA-2003-316.html
- http://www.redhat.com/support/errata/RHSA-2003-317.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10912