Integer overflow in the dccp_feat_change function in net/dccp/feat.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.18, and 2.6.17 through 2.6.20, allows local users to gain privileges via an invalid feature length, which leads to a heap-based buffer overflow.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Linux_kernel | Linux | 2.6.17 (including) | 2.6.17 (including) |
Linux_kernel | Linux | 2.6.18 (including) | 2.6.18 (including) |
Linux_kernel | Linux | 2.6.19 (including) | 2.6.19 (including) |
Linux_kernel | Linux | 2.6.20 (including) | 2.6.20 (including) |