The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP implementation in the Linux kernel before 2.6.34 does not properly validate certain values associated with an interface, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via vectors related to a routing change.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Linux_kernel | Linux | * | 2.6.34 (excluding) |
Linux | Ubuntu | karmic | * |
Linux | Ubuntu | upstream | * |
Linux-ec2 | Ubuntu | karmic | * |
Linux-ec2 | Ubuntu | lucid | * |
Linux-ec2 | Ubuntu | maverick | * |
Linux-fsl-imx51 | Ubuntu | karmic | * |
Linux-fsl-imx51 | Ubuntu | lucid | * |
Linux-lts-backport-maverick | Ubuntu | lucid | * |