Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2012-6657

Опубликовано: 24 сент. 2012
Источник: redhat
CVSS2: 4.4

Описание

The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a keepalive action is associated with a stream socket, which allows local users to cause a denial of service (system crash) by leveraging the ability to create a raw socket.

It was found that the Linux kernel's networking implementation did not correctly handle the setting of the keepalive socket option on raw sockets. A local user able to create a raw socket could use this flaw to crash the system.

Отчет

This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. This issue affects the version of the kernel package as shipped with Red Hat Enterprise Linux 5 and 6. Future kernel updates for Red Hat Enterprise Linux 5 and 6 may address this issue.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelAffected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise MRG 2kernelNot affected
Red Hat Enterprise Linux 6kernelFixedRHSA-2014:199716.12.2014

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=1141742Kernel: net: guard tcp_set_keepalive against crash

4.4 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2012-6657

ubuntu
почти 11 лет назад

The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a keepalive action is associated with a stream socket, which allows local users to cause a denial of service (system crash) by leveraging the ability to create a raw socket.

nvd логотип

CVE-2012-6657

nvd
почти 11 лет назад

The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a keepalive action is associated with a stream socket, which allows local users to cause a denial of service (system crash) by leveraging the ability to create a raw socket.

debian логотип

CVE-2012-6657

debian
почти 11 лет назад

The sock_setsockopt function in net/core/sock.c in the Linux kernel be ...

github логотип

GHSA-x8x5-h6pv-r9vg

github
около 3 лет назад

The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a keepalive action is associated with a stream socket, which allows local users to cause a denial of service (system crash) by leveraging the ability to create a raw socket.

oracle-oval логотип

ELSA-2014-3108

oracle-oval
больше 10 лет назад

ELSA-2014-3108: Unbreakable Enterprise kernel security update (IMPORTANT)

4.4 Medium

CVSS2