ID

VAR-201001-0163


CVE

CVE-2010-0006


TITLE

Linux Kernel 'ipv6_hop_jumbo()' Remote denial of service vulnerability

Trust: 0.9

sources: CNNVD: CNNVD-201001-263 // BID: 37810

DESCRIPTION

The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.32.4, when network namespaces are enabled, allows remote attackers to cause a denial of service (NULL pointer dereference) via an invalid IPv6 jumbogram, a related issue to CVE-2007-4567. There is a vulnerability in the Linux kernel's processing of IPv6 jumbograms. Attackers can exploit this issue to cause a kernel panic, denying service to legitimate users.

----------------------------------------------------------------------

TITLE: Fedora update for kernel

SECUNIA ADVISORY ID: SA38168

VERIFY ADVISORY: http://secunia.com/advisories/38168/

DESCRIPTION: Fedora has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Successful exploitation requires that network namespaces are enabled.

SOLUTION: Apply updated packages via the yum utility ("yum update kernel").

ORIGINAL ADVISORY: FEDORA-2010-0823: https://admin.fedoraproject.org/updates/F12/FEDORA-2010-0823

----------------------------------------------------------------------

Trust: 1.98

sources: NVD: CVE-2010-0006 // JVNDB: JVNDB-2010-001087 // BID: 37810 // PACKETSTORM: 85473

AFFECTED PRODUCTS

vendor: linux | model: kernel | scope: lt | version: 2.6.32.4

Trust: 1.8

vendor: linux | model: kernel | scope: eq | version: 2.6.32.3

Trust: 0.9

vendor: linux | model: kernel | scope: eq | version: 2.6.32

Trust: 0.9

vendor: linux | model: kernel | scope: eq | version: 2.6.32.2

Trust: 0.6

vendor: linux | model: kernel | scope: eq | version: 2.6.32.1

Trust: 0.6

vendor: linux | model: kernel | scope: eq | version: 2.6.32.4

Trust: 0.6

vendor: wind | model: river systems linux | scope: eq | version: 3.1

Trust: 0.3

vendor: wind | model: river systems linux | scope: eq | version: 3.0

Trust: 0.3

vendor: wind | model: river systems linux | scope: eq | version: 0

Trust: 0.3

vendor: ubuntu | model: linux sparc | scope: eq | version: 9.10

Trust: 0.3

vendor: ubuntu | model: linux powerpc | scope: eq | version: 9.10

Trust: 0.3

vendor: ubuntu | model: linux lpia | scope: eq | version: 9.10

Trust: 0.3

vendor: ubuntu | model: linux i386 | scope: eq | version: 9.10

Trust: 0.3

vendor: ubuntu | model: linux amd64 | scope: eq | version: 9.10

Trust: 0.3

vendor: ubuntu | model: linux sparc | scope: eq | version: 9.04

Trust: 0.3

vendor: ubuntu | model: linux powerpc | scope: eq | version: 9.04

Trust: 0.3

vendor: ubuntu | model: linux lpia | scope: eq | version: 9.04

Trust: 0.3

vendor: ubuntu | model: linux i386 | scope: eq | version: 9.04

Trust: 0.3

vendor: ubuntu | model: linux amd64 | scope: eq | version: 9.04

Trust: 0.3

vendor: ubuntu | model: linux sparc | scope: eq | version: 8.10

Trust: 0.3

vendor: ubuntu | model: linux powerpc | scope: eq | version: 8.10

Trust: 0.3

vendor: ubuntu | model: linux lpia | scope: eq | version: 8.10

Trust: 0.3

vendor: ubuntu | model: linux i386 | scope: eq | version: 8.10

Trust: 0.3

vendor: ubuntu | model: linux amd64 | scope: eq | version: 8.10

Trust: 0.3

vendor: ubuntu | model: linux lts sparc | scope: eq | version: 8.04

Trust: 0.3

vendor: ubuntu | model: linux lts powerpc | scope: eq | version: 8.04

Trust: 0.3

vendor: ubuntu | model: linux lts lpia | scope: eq | version: 8.04

Trust: 0.3

vendor: ubuntu | model: linux lts i386 | scope: eq | version: 8.04

Trust: 0.3

vendor: ubuntu | model: linux lts amd64 | scope: eq | version: 8.04

Trust: 0.3

vendor: ubuntu | model: linux lts sparc | scope: eq | version: 6.06

Trust: 0.3

vendor: ubuntu | model: linux lts powerpc | scope: eq | version: 6.06

Trust: 0.3

vendor: ubuntu | model: linux lts i386 | scope: eq | version: 6.06

Trust: 0.3

vendor: ubuntu | model: linux lts amd64 | scope: eq | version: 6.06

Trust: 0.3

vendor: s u s e | model: opensuse | scope: eq | version: 11.2

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 2.6.315

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 2.6.31.2

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 2.6.31.11

Trust: 0.3

vendor: linux | model: kernel -rc7 | scope: eq | version: 2.6.31

Trust: 0.3

vendor: linux | model: kernel -rc6 | scope: eq | version: 2.6.31

Trust: 0.3

vendor: linux | model: kernel -rc3 | scope: eq | version: 2.6.31

Trust: 0.3

vendor: linux | model: kernel -rc1 | scope: eq | version: 2.6.31

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 2.6.31

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 2.6.30.10

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 2.6.30.1

Trust: 0.3

vendor: linux | model: kernel -rc6 | scope: eq | version: 2.6.30

Trust: 0.3

vendor: linux | model: kernel -rc5 | scope: eq | version: 2.6.30

Trust: 0.3

vendor: linux | model: kernel -rc3 | scope: eq | version: 2.6.30

Trust: 0.3

vendor: linux | model: kernel -rc2 | scope: eq | version: 2.6.30

Trust: 0.3

vendor: linux | model: kernel -rc1 | scope: eq | version: 2.6.30

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 2.6.30

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 2.6.29.4

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 2.6.29.1

Trust: 0.3

vendor: linux | model: kernel -git8 | scope: eq | version: 2.6.29

Trust: 0.3

vendor: linux | model: kernel -git14 | scope: eq | version: 2.6.29

Trust: 0.3

vendor: linux | model: kernel -git1 | scope: eq | version: 2.6.29

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 2.6.29

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 2.6.28.9

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 2.6.28.8

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 2.6.28.6

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 2.6.28.5

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 2.6.28.3

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 2.6.28.2

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 2.6.28.1

Trust: 0.3

vendor: linux | model: kernel -rc7 | scope: eq | version: 2.6.28

Trust: 0.3

vendor: linux | model: kernel -rc5 | scope: eq | version: 2.6.28

Trust: 0.3

vendor: linux | model: kernel -rc1 | scope: eq | version: 2.6.28

Trust: 0.3

vendor: linux | model: kernel -git7 | scope: eq | version: 2.6.28

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 2.6.28

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 2.6.276

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 2.6.273

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 2.6.2712

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 2.6.27.8

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 2.6.27.5

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 2.6.27.24

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 2.6.27.14

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 2.6.27.13

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 2.6.27.12

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 2.6.27

Trust: 0.3

vendor: linux | model: kernel 2.6.33-rc4 | scope: - | version: -

Trust: 0.3

vendor: linux | model: kernel 2.6.32-rc8 | scope: - | version: -

Trust: 0.3

vendor: linux | model: kernel 2.6.32-rc7 | scope: - | version: -

Trust: 0.3

vendor: linux | model: kernel 2.6.32-rc5 | scope: - | version: -

Trust: 0.3

vendor: linux | model: kernel 2.6.32-rc4 | scope: - | version: -

Trust: 0.3

vendor: linux | model: kernel 2.6.32-rc3 | scope: - | version: -

Trust: 0.3

vendor: linux | model: kernel 2.6.32-rc2 | scope: - | version: -

Trust: 0.3

vendor: linux | model: kernel 2.6.32-rc1 | scope: - | version: -

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 2.6.31.6

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 2.6.31.4

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 2.6.31.1

Trust: 0.3

vendor: linux | model: kernel 2.6.31-rc9 | scope: - | version: -

Trust: 0.3

vendor: linux | model: kernel 2.6.31-rc8 | scope: - | version: -

Trust: 0.3

vendor: linux | model: kernel 2.6.31-rc5-git3 | scope: - | version: -

Trust: 0.3

vendor: linux | model: kernel 2.6.31-rc4 | scope: - | version: -

Trust: 0.3

vendor: linux | model: kernel 2.6.31-rc2 | scope: - | version: -

Trust: 0.3

vendor: linux | model: kernel 2.6.31-git11 | scope: - | version: -

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 2.6.30.5

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 2.6.30.4

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 2.6.30.3

Trust: 0.3

vendor: linux | model: kernel 2.6.29-rc2-git1 | scope: - | version: -

Trust: 0.3

vendor: linux | model: kernel 2.6.29-rc2 | scope: - | version: -

Trust: 0.3

vendor: linux | model: kernel 2.6.29-rc1 | scope: - | version: -

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 2.6.28.4

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 2.6.28.10

Trust: 0.3

vendor: linux | model: kernel 2.6.27-git3 | scope: - | version: -

Trust: 0.3

vendor: avaya | model: desktop video device | scope: eq | version: 1.0

Trust: 0.3

sources: NVD: CVE-2010-0006 // CNNVD: CNNVD-201001-263 // JVNDB: JVNDB-2010-001087 // BID: 37810

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2010-0006
value: HIGH

Trust: 1.8

CNNVD: CNNVD-201001-263
value: HIGH

Trust: 0.6

NVD: CVE-2010-0006
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.8

sources: NVD: CVE-2010-0006 // CNNVD: CNNVD-201001-263 // JVNDB: JVNDB-2010-001087

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.0

problemtype:CWE-20

Trust: 0.8

sources: NVD: CVE-2010-0006 // JVNDB: JVNDB-2010-001087

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201001-263

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201001-263

CONFIGURATIONS

sources: NVD: CVE-2010-0006

PATCH

title: ChangeLog-2.6.32.4 | url: http://www.kernel.org/pub/linux/kernel/v2.6/changelog-2.6.32.4

Trust: 0.8

sources: JVNDB: JVNDB-2010-001087

EXTERNAL IDS

db: BID | id: 37810

Trust: 2.7

db: NVD | id: CVE-2010-0006

Trust: 2.7

db: OSVDB | id: 61876

Trust: 2.4

db: SECUNIA | id: 38168

Trust: 1.7

db: OPENWALL | id: OSS-SECURITY/2010/01/14/2

Trust: 1.6

db: SECUNIA | id: 38333

Trust: 1.6

db: JVNDB | id: JVNDB-2010-001087

Trust: 0.8

db: FEDORA | id: FEDORA-2010-0919

Trust: 0.6

db: NSFOCUS | id: 14412

Trust: 0.6

db: MLIST | id: [LINUX-NETDEV] 20100114 [PATCH]: IPV6: SKB_DST() CAN BE NULL IN IPV6_HOP_JUMBO().

Trust: 0.6

db: MLIST | id: [OSS-SECURITY] 20100114 CVE-2010-0006 - KERNEL: IPV6: SKB_DST() CAN BE NULL IN IPV6_HOP_JUMBO()

Trust: 0.6

db: CNNVD | id: CNNVD-201001-263

Trust: 0.6

db: PACKETSTORM | id: 85473

Trust: 0.1

sources: NVD: CVE-2010-0006 // CNNVD: CNNVD-201001-263 // JVNDB: JVNDB-2010-001087 // BID: 37810 // PACKETSTORM: 85473

REFERENCES

url:http://www.securityfocus.com/bid/37810

Trust: 2.4

url:http://www.osvdb.org/61876

Trust: 2.4

url:http://marc.info/?l=linux-netdev&m=126343325807340&w=2

Trust: 1.9

url:http://lists.fedoraproject.org/pipermail/package-announce/2010-january/034250.html

Trust: 1.6

url:http://secunia.com/advisories/38333

Trust: 1.6

url:http://www.openwall.com/lists/oss-security/2010/01/14/2

Trust: 1.6

url:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2570a4f5428bcdb1077622342181755741e7fa60

Trust: 1.6

url:http://www.kernel.org/pub/linux/kernel/v2.6/changelog-2.6.32.4

Trust: 1.6

url:https://bugzilla.redhat.com/show_bug.cgi?id=555217

Trust: 1.6

url:http://secunia.com/advisories/38168

Trust: 1.6

url:http://bugs.gentoo.org/show_bug.cgi?id=300951

Trust: 1.6

url:http://security-tracker.debian.org/tracker/cve-2010-0006

Trust: 1.6

url:http://cert.fi/en/reports/2010/vulnerability341748.html

Trust: 1.6

url:http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html

Trust: 1.0

url:http://www.cert.fi/en/reports/2010/vulnerability341748.html

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0006

Trust: 0.8

url:http://jvn.jp/cert/jvnvu571860/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0006

Trust: 0.8

url:http://www.nsfocus.net/vulndb/14412

Trust: 0.6

url:http://www.kernel.org/

Trust: 0.3

url:http://support.avaya.com/css/p8/documents/100141285

Trust: 0.3

url:http://www.ubuntu.com/usn/usn-894-1

Trust: 0.3

url:http://secunia.com/blog/71/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:https://admin.fedoraproject.org/updates/f12/fedora-2010-0823

Trust: 0.1

url:http://secunia.com/advisories/38168/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: NVD: CVE-2010-0006 // CNNVD: CNNVD-201001-263 // JVNDB: JVNDB-2010-001087 // BID: 37810 // PACKETSTORM: 85473

CREDITS

Olli Jarva, Tuomo Untinen

Trust: 0.6

sources: CNNVD: CNNVD-201001-263

SOURCES

db: NVD | id: CVE-2010-0006
db: CNNVD | id: CNNVD-201001-263
db: JVNDB | id: JVNDB-2010-001087
db: BID | id: 37810
db: PACKETSTORM | id: 85473

LAST UPDATE DATE

2021-12-18T21:59:59.281000+00:00


SOURCES UPDATE DATE

db: NVD | id: CVE-2010-0006 | date: 2018-11-13T16:41:00
db: CNNVD | id: CNNVD-201001-263 | date: 2010-01-27T00:00:00
db: JVNDB | id: JVNDB-2010-001087 | date: 2014-04-01T00:00:00
db: BID | id: 37810 | date: 2015-05-07T17:09:00
db: PACKETSTORM | id: 85473 | date: -

SOURCES RELEASE DATE

db: NVD | id: CVE-2010-0006 | date: 2010-01-26T18:30:00
db: CNNVD | id: CNNVD-201001-263 | date: 2010-01-26T00:00:00
db: JVNDB | id: JVNDB-2010-001087 | date: 2010-02-26T00:00:00
db: BID | id: 37810 | date: 2010-01-14T00:00:00
db: PACKETSTORM | id: 85473 | date: 2010-01-21T10:22:03