Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Linux

Linux

Linux Kernel Vulnerability: IPv6 Sockets Local DoS

"tcp_v6_syn_recv_soc()" kernel vulnerability

By Marius Nestor, Linux Editor

23rd of March 2007, 14:18 GMT

Adjust text size:


Tux
Enlarge picture
A kernel vulnerability has been found today by Masayuki Nakagawa, which can be exploited by local attackers to cause a denial of service (DoS) attack.
This bug is due to an error in the "tcp_v6_syn_recv_soc()" a.k.a. net/ipv6/tcp_ipv6.c function where the IPv6 flow list (ipv6_fl_socklist) is shared with child sockets. This can be exploited by someone to crash an affected machine by manipulating listening IPv6 TCP sockets.

This vulnerability affects all 2.6 versions of the Linux Kernel and it is urgent for everybody to apply the following patch.

[PATCH 2.6.21-rc3] IPV6: ipv6_fl_socklist is inadvertently shared.

This issue has been rated as low risk and can only be exploitable locally and not remotely.

References for this kernel vulnerability can be found here and here.

The Linux Kernel is the essential part of all Linux Distributions, responsible for resource allocation, low-level hardware interfaces, security, simple communications, and basic file system management.

Linux is a clone of the operating system Unix, initially written from scratch by Linus Torvalds with assistance from a loosely-knit team of hackers across the Net. It aims towards POSIX and Single UNIX Specification compliance.

You can download the Linux kernel now from Softpedia.

TAGS:

 kernel vulnerability | linux kernel | IPv6 Sockets | Local DoS | tcp_v6_syn_recv_soc()


Rating:
Fair (2.8/5) 12 vote(s) so far    

Read by 0 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Linux Kernel Gains New Real-Time Support

Linus Torvalds is a Hero!

Sony PlayStation 3 Support in Linux Kernel

Linux Kernel Gains Serviceability Features

KVM to Be Merged into Linux Kernel 2.6.20

Linux Kernel 2.6.19.2 Released

Linux Kernel 2.6.20 Released

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive