The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Linux_kernel | Linux | * | 2.6.19 (excluding) |
Red Hat Enterprise Linux 3 | RedHat | kernel-0:2.4.21-60.EL | * |
Red Hat Enterprise Linux 4 | RedHat | kernel-0:2.6.9-89.0.9.EL | * |
Red Hat Enterprise Linux 4.7 Z Stream | RedHat | kernel-0:2.6.9-78.0.27.EL | * |
Red Hat Enterprise Linux 5 | RedHat | kernel-0:2.6.18-128.7.1.el5 | * |
Red Hat Enterprise Linux 5.2 Z Stream | RedHat | kernel-0:2.6.18-92.1.28.el5 | * |
Linux-source-2.6.15 | Ubuntu | dapper | * |