CVE-2008-2136

Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT) tunnel interface, related to the pskb_may_pull and kfree_skb functions, and management of an skb reference count.

CVSS 2.0 Base Score 7.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C).

Overview

Type

Linux

First reported 16 years ago

2008-05-16 12:54:00

Last updated 6 years ago

2018-10-31 18:55:00

Affected Software

Linux Kernel
Debian GNU/Linux 4.0
Canonical Ubuntu Linux 6.06 LTS (Long-Term Support)
Canonical Ubuntu Linux 7.04
Canonical Ubuntu Linux 7.10
Canonical Ubuntu Linux 8.04 LTS (Long-Term Support)

References

http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.3 - Vendor Advisory
SUSE-SA:2008:030 - Third Party Advisory
SUSE-SA:2008:032 - Third Party Advisory
[linux-kernel] 20080509 Re: When should kfree_skb be used? - Mailing List, Third Party Advisory
30198 - Third Party Advisory
30241 - Third Party Advisory
30276 - Third Party Advisory
30368 - Third Party Advisory
30499 - Third Party Advisory
30818 - Third Party Advisory
30962 - Third Party Advisory
31107 - Third Party Advisory
31198 - Third Party Advisory
31341 - Third Party Advisory
31628 - Third Party Advisory
31689 - Third Party Advisory
33201 - Third Party Advisory
33280 - Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2008-362.htm - Third Party Advisory
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0169 - Broken Link
DSA-1588 - Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.5 - Vendor Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.3 - Vendor Advisory
MDVSA-2008:167 - Third Party Advisory
MDVSA-2008:174 - Third Party Advisory
RHSA-2008:0585 - Third Party Advisory
RHSA-2008:0607 - Third Party Advisory
RHSA-2008:0612 - Third Party Advisory
RHSA-2008:0787 - Third Party Advisory
RHSA-2008:0973 - Third Party Advisory
29235 - Third Party Advisory, VDB Entry
1020118 - Third Party Advisory, VDB Entry
USN-625-1 - Third Party Advisory
ADV-2008-1543 - Third Party Advisory
ADV-2008-1716 - Third Party Advisory
linux-kernel-ipip6rcv-dos(42451) - Third Party Advisory, VDB Entry
oval:org.mitre.oval:def:11038 - Broken Link
oval:org.mitre.oval:def:6503 - Broken Link
FEDORA-2008-3949 - Third Party Advisory
