CVE-2010-0006 - Vulnerability Details - OpenCVE

The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.32.4, when network namespaces are enabled, allows remote attackers to cause a denial of service (NULL pointer dereference) via an invalid IPv6 jumbogram, a related issue to CVE-2007-4567.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://bugs.gentoo.org/show_bug.cgi?id=300951
http://cert.fi/en/reports/2010/vulnerability341748.html
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2570a4f5428bcdb1077622342181755741e7fa60
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034250.html
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html
http://marc.info/?l=linux-netdev&m=126343325807340&w=2
http://secunia.com/advisories/38168
http://secunia.com/advisories/38333
http://security-tracker.debian.org/tracker/CVE-2010-0006
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.4
http://www.openwall.com/lists/oss-security/2010/01/14/2
http://www.osvdb.org/61876
http://www.securityfocus.com/bid/37810
https://bugzilla.redhat.com/show_bug.cgi?id=555217
https://nvd.nist.gov/vuln/detail/CVE-2010-0006
https://www.cve.org/CVERecord?id=CVE-2010-0006

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2010-01-26T18:00:00

Updated: 2024-08-07T00:30:47.191Z

Reserved: 2009-12-14T00:00:00

Link: CVE-2010-0006

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-01-26T18:30:01.057

Modified: 2024-11-21T01:11:18.797

Link: CVE-2010-0006

Redhat

Severity : Important

Publid Date: 2009-01-14T00:00:00Z

Links: CVE-2010-0006 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-01-14T00:00:00", "descriptions": [{"lang": "en", "value": "The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.32.4, when network namespaces are enabled, allows remote attackers to cause a denial of service (NULL pointer dereference) via an invalid IPv6 jumbogram, a related issue to CVE-2007-4567."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-02-24T10:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "37810", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/37810"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=300951"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.4"}, {"name": "61876", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/61876"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://security-tracker.debian.org/tracker/CVE-2010-0006"}, {"name": "FEDORA-2010-0919", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034250.html"}, {"name": "38168", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38168"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=555217"}, {"name": "[linux-netdev] 20100114 [PATCH]: ipv6: skb_dst() can be NULL in ipv6_hop_jumbo().", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=linux-netdev&m=126343325807340&w=2"}, {"tags": ["x_refsource_MISC"], "url": "http://cert.fi/en/reports/2010/vulnerability341748.html"}, {"name": "38333", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38333"}, {"name": "[oss-security] 20100114 CVE-2010-0006 - kernel: ipv6: skb_dst() can be NULL in ipv6_hop_jumbo()", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2010/01/14/2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2570a4f5428bcdb1077622342181755741e7fa60"}, {"name": "SUSE-SA:2010:010", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:30:47.191Z"}, "title": "CVE Program Container", "references": [{"name": "37810", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/37810"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=300951"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.4"}, {"name": "61876", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/61876"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://security-tracker.debian.org/tracker/CVE-2010-0006"}, {"name": "FEDORA-2010-0919", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034250.html"}, {"name": "38168", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38168"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=555217"}, {"name": "[linux-netdev] 20100114 [PATCH]: ipv6: skb_dst() can be NULL in ipv6_hop_jumbo().", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=linux-netdev&m=126343325807340&w=2"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://cert.fi/en/reports/2010/vulnerability341748.html"}, {"name": "38333", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38333"}, {"name": "[oss-security] 20100114 CVE-2010-0006 - kernel: ipv6: skb_dst() can be NULL in ipv6_hop_jumbo()", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2010/01/14/2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2570a4f5428bcdb1077622342181755741e7fa60"}, {"name": "SUSE-SA:2010:010", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-0006", "datePublished": "2010-01-26T18:00:00", "dateReserved": "2009-12-14T00:00:00", "dateUpdated": "2024-08-07T00:30:47.191Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FBF58C6-C6A3-4090-9752-D525F9A18357", "versionEndExcluding": "2.6.32.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.32.4, when network namespaces are enabled, allows remote attackers to cause a denial of service (NULL pointer dereference) via an invalid IPv6 jumbogram, a related issue to CVE-2007-4567."}, {"lang": "es", "value": "La funci\u00f3n ipv6_hop_jumbo en net/ipv6/exthdrs.c en el kernel de Linux en versiones anteriores a 2.6.32.4, cuando los espacios de nombres de red est\u00e1n activados, permite a atacantes remotos producir una denegaci\u00f3n de servicio (desreferencia a un puntero NULL) a trav\u00e9s de un jumbograma IPv6 no valido, una vulnerabilidad relacionada con CVE-2007-4567."}], "id": "CVE-2010-0006", "lastModified": "2024-11-21T01:11:18.797", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-01-26T18:30:01.057", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=300951"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://cert.fi/en/reports/2010/vulnerability341748.html"}, {"source": "secalert@redhat.com", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2570a4f5428bcdb1077622342181755741e7fa60"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034250.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=linux-netdev&m=126343325807340&w=2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/38168"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/38333"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://security-tracker.debian.org/tracker/CVE-2010-0006"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.4"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2010/01/14/2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.osvdb.org/61876"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/37810"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=555217"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=300951"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://cert.fi/en/reports/2010/vulnerability341748.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2570a4f5428bcdb1077622342181755741e7fa60"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034250.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=linux-netdev&m=126343325807340&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/38168"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/38333"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://security-tracker.debian.org/tracker/CVE-2010-0006"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2010/01/14/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.osvdb.org/61876"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/37810"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=555217"}], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [{"comment": "Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG as they did not have support for network namespaces, and did not include upstream commit 483a47d2 that introduced the problem.", "lastModified": "2010-01-28T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}