Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2010-4805

Опубликовано: 25 нояб. 2010
Источник: redhat
CVSS2: 6.1
EPSS Низкий

Описание

The socket implementation in net/core/sock.c in the Linux kernel before 2.6.35 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service by sending a large amount of network traffic, related to the sk_add_backlog function and the sk_rmem_alloc socket field. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4251.

Отчет

This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise MRG as they have already backported the fixes for this issue. Future kernel updates in Red Hat Enterprise Linux 6 may address this flaw. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 4kernelAffected
Red Hat Enterprise Linux 5kernelFixedRHSA-2011:030301.03.2011
Red Hat Enterprise Linux 6kernelFixedRHSA-2011:054219.05.2011
Red Hat Enterprise Linux 6.0 EUS - Server OnlykernelFixedRHSA-2011:088321.06.2011

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=657303kernel: unlimited socket backlog DoS

EPSS

Процентиль: 73%
0.00804
Низкий

6.1 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2010-4805

CVSS3: 7.5
ubuntu
около 14 лет назад

The socket implementation in net/core/sock.c in the Linux kernel before 2.6.35 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service by sending a large amount of network traffic, related to the sk_add_backlog function and the sk_rmem_alloc socket field. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4251.

nvd логотип

CVE-2010-4805

CVSS3: 7.5
nvd
около 14 лет назад

The socket implementation in net/core/sock.c in the Linux kernel before 2.6.35 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service by sending a large amount of network traffic, related to the sk_add_backlog function and the sk_rmem_alloc socket field. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4251.

debian логотип

CVE-2010-4805

CVSS3: 7.5
debian
около 14 лет назад

The socket implementation in net/core/sock.c in the Linux kernel befor ...

github логотип

GHSA-22vq-wcg7-jq7r

CVSS3: 7.5
github
около 3 лет назад

The socket implementation in net/core/sock.c in the Linux kernel before 2.6.35 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service by sending a large amount of network traffic, related to the sk_add_backlog function and the sk_rmem_alloc socket field. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4251.

oracle-oval логотип

ELSA-2011-0303

oracle-oval
больше 14 лет назад

ELSA-2011-0303: kernel security and bug fix update (MODERATE)

EPSS

Процентиль: 73%
0.00804
Низкий

6.1 Medium

CVSS2