CVE-2010-4165
Bug #806374 reported by
Paolo Pisati
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| linux (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
| Hardy |
Fix Released
|
Undecided
|
Paolo Pisati | ||
Bug Description
The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel before
2.6.37-rc2 does not properly restrict TCP_MAXSEG (aka MSS) values, which
allows local users to cause a denial of service (OOPS) via a setsockopt
call that specifies a small value, leading to a divide-by-zero error or
incorrect use of a signed integer.
| tags: | added: kernel-cve-tracker |
| affects: | ubuntu → linux (Ubuntu) |
| visibility: | private → public |
| Changed in linux (Ubuntu Hardy): | |
| assignee: | nobody → Paolo Pisati (p-pisati) |
| status: | New → Fix Committed |
| Changed in linux (Ubuntu): | |
| status: | New → Invalid |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #1 |
| Changed in linux (Ubuntu Hardy): | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
This bug was fixed in the package linux - 2.6.24-29.92
---------------
linux (2.6.24-29.92) hardy-proposed; urgency=low
[Herton R. Krzesinski]
* Release Tracking Bug
- LP: #812360
[Upstream Kernel Changes]
* af_unix: limit unix_tot_inflight CVE-2010-4249
- LP: #769182
- CVE-2010-4249
* xfs: zero proper structure size for geometry calls CVE-2011-0711
- LP: #767740
- CVE-2011-0711
* netfilter: ip_tables: fix infoleak to userspace CVE-2011-1171
- LP: #801482
- CVE-2011-1171
* econet: 4 byte infoleak to the network CVE-2011-1173
- LP: #801484
- CVE-2011-1173
* netfilter: arp_tables: fix infoleak to userspace CVE-2011-1170
- LP: #801480
* ipv6: netfilter: ip6_tables: fix infoleak to userspace CVE-2011-1172
- LP: #801483
- CVE-2011-1172
* xen: don't allow blkback virtual CDROM device, CVE-2010-4238
- LP: #803931
- CVE-2010-4238
* IB/uverbs: Handle large number of entries in poll CQ CVE-2010-4649
- LP: #805512
* ipc: initialize structure memory to zero for compat functions
CVE-2010-4073
- LP: #806366
- CVE-2010-4073
* tcp: Increase TCP_MAXSEG socket option minimum CVE-2010-4165
- LP: #806374
- CVE-2010-4165
* taskstats: don't allow duplicate entries in listener mode,
CVE-2011-2484
- LP: #806390
- CVE-2011-2484
* netfilter: ipt_CLUSTERIP: fix buffer overflow, CVE-2011-2534
- LP: #801473
- CVE-2011-2534
* nfs4: Ensure that ACL pages sent over NFS were not allocated from the
slab (v3), CVE-2011-1090
- LP: #800775
- CVE-2011-1090
* fs/partitions: Validate map_count in Mac partition tables
- LP: #804225
- CVE-2011-1010
-- Herton Ronaldo Krzesinski <email address hidden> Mon, 18 Jul 2011 12:36:01 -0300