   VULNERABILITY NOTE

 

CERT-In Vulnerability Note CIVN-2008-136
Linux Kernel "rt6_fill_node()" Denial of Service Vulnerability

Original Issue Date: August 25, 2008

Severity Rating: Medium

Systems Affected

  • Linux Kernel Versions 2.6.24-rc4 and later

Overview

A vulnerability has been reported in the "rt6_fill_node()" function in the Linux Kernel, which could be exploited by a local attacker to cause a Denial of Service.

Description

The vulnerability exists due to a NULL pointer dereference error within the "rt6_fill_node()" function in net/ipv6/route.c. A local attacker could exploit this issue via IPv6 requests when no IPv6 input device is in use, which triggers a NULL pointer dereference and thus causes a Denial of Service (Kernel OOPS).

Solution

This issue is fixed in the GIT repository:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=5e0115e500fe9dd2ca11e6f92db9123204f1327a

Vendor Information

Linux Kernel
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=5e0115e500fe9dd2ca11e6f92db9123204f1327a

References

Secunia
http://secunia.com/advisories/31579/

LKML.ORG
http://lkml.org/lkml/2008/8/8/7
http://lkml.org/lkml/2008/8/7/230

CVE Name
CVE-2008-3686

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003