   VULNERABILITY NOTE

CERT-In Vulnerability Note CIVN-2008-92
Linux Kernel "pppol2tp_recvmsg()" Denial of Service Vulnerability

Original Issue Date: June 24, 2008

Severity Rating: High

System Affected

  • Linux Kernel Versions prior to 2.6.26-rc6

Overview

A vulnerability has been reported in the Linux Kernel. A remote attacker can exploit this vulnerability to cause a Denial of Service.

Description

This vulnerability is caused by improper bounds checking in the "pppol2tp_recvmsg()" function when processing user-supplied data. By sending specially crafted PPP (Point-to-Point Protocol) packets over L2TP (Layer 2 Tunneling Protocol), a remote attacker can exploit this vulnerability to corrupt kernel memory, thus causing a Denial of Service.
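The class of defect described above, shown as an added user-space illustration: a receive routine that copies a queued packet into a caller's buffer with and without bounding the copy by the buffer size. This is not the kernel's code or the upstream patch; the names `struct pkt`, `recv_unchecked`, `recv_bounded` and `RX_TRUNC` are hypothetical, and the assumption is that the unchecked copy length comes from the packet.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define RX_TRUNC 0x1   /* hypothetical flag: datagram was truncated */
struct pkt { const unsigned char *data; size_t len; };   /* queued datagram */

/* Unchecked pattern (assumed for illustration): the copy length comes from
 * the packet, which the sender controls, not from the caller's buffer size. */
static size_t recv_unchecked(const struct pkt *p, unsigned char *buf, size_t buf_len)
{
    (void)buf_len;                       /* caller's limit is ignored */
    memcpy(buf, p->data, p->len);
    return p->len;
}

/* Bounded pattern: clamp to the caller's buffer and report truncation. */
static size_t recv_bounded(const struct pkt *p, unsigned char *buf, size_t buf_len, int *flags)
{
    size_t n = p->len;
    if (n > buf_len) { n = buf_len; *flags |= RX_TRUNC; }
    memcpy(buf, p->data, n);
    return n;
}

/* Copy a constructed 32-byte packet into a 16-byte receive buffer placed at
 * the front of a 64-byte arena, then count modified bytes past the buffer. */
static size_t bytes_clobbered(int bounded, size_t *copied, int *flags)
{
    unsigned char payload[32], arena[64];
    struct pkt p = { payload, sizeof payload };
    size_t i, hit = 0;
    memset(payload, 0x41, sizeof payload);
    memset(arena, 0xAA, sizeof arena);
    *flags = 0;
    *copied = bounded ? recv_bounded(&p, arena, 16, flags)
                      : recv_unchecked(&p, arena, 16);
    for (i = 16; i < sizeof arena; i++)
        if (arena[i] != 0xAA) hit++;
    return hit;
}

int main(void)
{
    size_t copied; int flags;
    for (int bounded = 0; bounded <= 1; bounded++) {
        size_t hit = bytes_clobbered(bounded, &copied, &flags);
        printf("bounded=%d copied=%zu clobbered=%zu flags=%d\n", bounded, copied, hit, flags);
    }
    return 0;
}
```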

Solution

Upgrade the Linux Kernel to version 2.6.26-rc6.

Version 2.6.26-rc6 is available at
http://kernel.org/pub/linux/kernel/v2.6/testing/patch-2.6.26-rc6.bz2

Vendor Information

Kernel
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6b6707a50c7598a83820077393f8823ab791abf8
http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.26-rc6

References

IBM ISS
http://xforce.iss.net/xforce/xfdb/43111

SecurityFocus
http://www.securityfocus.com/bid/29747

CVE Name
CVE-2008-2750

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003