
CVE-2010-4526

Published: 06 May 2010
Source: redhat
CVSS2: 7.1

Description

Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function.

Report

The Linux kernel as shipped with Red Hat Enterprise Linux 4 did not include upstream commit history:5aabd1fe268e850c2e93048a5ccc5eb6970ac49c, and therefore is not affected by this issue. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via http://rhn.redhat.com/errata/RHSA-2011-0163.html, https://rhn.redhat.com/errata/RHSA-2011-0421.html and https://rhn.redhat.com/errata/RHSA-2011-1253.html.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise MRG 1 | realtime-kernel | Affected | | |
| Red Hat Enterprise Linux 5 | kernel | Fixed | RHSA-2011:0163 | 18.01.2011 |
| Red Hat Enterprise Linux 6 | kernel | Fixed | RHSA-2011:0421 | 08.04.2011 |
| Red Hat Enterprise MRG 2 | kernel-rt | Fixed | RHSA-2011:1253 | 12.09.2011 |


Additional information

Status: Important
Defect: CWE-662->CWE-362->CWE-672->CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=664914 kernel: sctp: a race between ICMP protocol unreachable and connect()

7.1 High

CVSS2

Related vulnerabilities

ubuntu
more than 14 years ago

Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function.

nvd
more than 14 years ago

Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function.

debian
more than 14 years ago

Race condition in the sctp_icmp_proto_unreachable function in net/sctp ...

github
about 3 years ago

Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function.

oracle-oval
more than 14 years ago

ELSA-2011-0163: kernel security and bug fix update (IMPORTANT)
