Linux Kernel versions prior to 126.96.36.199 contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
The vulnerability exists due to an integer overflow error in the dccp_setsockopt_change()
kernel function in net/dccp/proto.c
, which is part of the Datagram Congestion Control Protocol (DCCP) subsystem. The vulnerability exists in the handling of feature negotiation options. More specifically, the vulnerability is in the processing of the Change L
and Change R
options. These options are normally sent in DCCP packets to request specific feature settings between the two systems. An unauthenticated, remote attacker could cause an affected system to panic by establishing a DCCP connection with an affected system and then sending it a packet with a Change L
or Change R
option set using crafted parameters. If the option parameters can be set such that the kernel variable dccpsf_val
is passed a value of less than one byte, a kernel panic could be triggered, resulting in a DoS condition. Attackers may be able to execute arbitrary code, but this impact has not been proven.
Kernel.org confirmed this vulnerability and released an updated version.
Kernel.org has released a summary of changes at the following link: Wed Aug 13 13:48:39 2008
. Kernel.org has released an updated version at the following link: Linux Kernel 188.8.131.52
Debian has released a security advisory and updated packages at the following link: DSA-1636-1
MontaVista Software has released a security alert for registered users on December 6, 2012, at the following link: MontaVista Security Fixes. MontaVista Software has released updated software at the following links:
Red Hat has released a security advisory at the following link: RHSA-2008:0857
. Red Hat packages can be updated using the up2date