The DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later does not verify the upper bounds of the optlen value, which allows local users running on certain architectures to read kernel memory or cause a denial of service (oops), a related issue to CVE-2007-1730.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Linux_kernel | Linux | 2.6.20 (including) | 2.6.20 (including) |
| Linux_kernel | Linux | 2.6.20.1 (including) | 2.6.20.1 (including) |
| Linux_kernel | Linux | 2.6.20.2 (including) | 2.6.20.2 (including) |
| Linux | Ubuntu | upstream | * |
| Linux-source-2.6.15 | Ubuntu | upstream | * |
| Linux-source-2.6.17 | Ubuntu | upstream | * |
| Linux-source-2.6.20 | Ubuntu | feisty | * |
| Linux-source-2.6.20 | Ubuntu | upstream | * |
| Linux-source-2.6.22 | Ubuntu | devel | * |
| Linux-source-2.6.22 | Ubuntu | upstream | * |
References
- http://securityreason.com/securityalert/2511
- http://www.securityfocus.com/archive/1/463969/100/0/threaded
- http://www.securitytracker.com/id?1017820
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33274
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43321
- http://securityreason.com/securityalert/2511
- http://www.securityfocus.com/archive/1/463969/100/0/threaded
- http://www.securitytracker.com/id?1017820
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33274
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43321