Sign-up

ID

VAR-201001-0163


CVE

CVE-2010-0006


TITLE

Linux Kernel 'ipv6_hop_jumbo()' Remote denial of service vulnerability

Trust: 0.9

sources: CNNVD: CNNVD-201001-263 // BID: 37810

DESCRIPTION

The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.32.4, when network namespaces are enabled, allows remote attackers to cause a denial of service (NULL pointer dereference) via an invalid IPv6 jumbogram, a related issue to CVE-2007-4567. Linux The kernel IPv6 jumbogram There is a vulnerability in the processing of. Attackers can exploit this issue to cause a kernel panic, denying service to legitimate users. ---------------------------------------------------------------------- Secunia integrated with Microsoft WSUS http://secunia.com/blog/71/ ---------------------------------------------------------------------- TITLE: Fedora update for kernel SECUNIA ADVISORY ID: SA38168 VERIFY ADVISORY: http://secunia.com/advisories/38168/ DESCRIPTION: Fedora has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Successful exploitation requires that network namespaces are enabled. SOLUTION: Apply updated packages via the yum utility ("yum update kernel"). ORIGINAL ADVISORY: FEDORA-2010-0823: https://admin.fedoraproject.org/updates/F12/FEDORA-2010-0823 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.98

sources: NVD: CVE-2010-0006 // JVNDB: JVNDB-2010-001087 // BID: 37810 // PACKETSTORM: 85473

AFFECTED PRODUCTS

vendor:linuxmodel:kernelscope:ltversion:2.6.32.4

Trust: 1.8

vendor:linuxmodel:kernelscope:eqversion:2.6.32.3

Trust: 0.9

vendor:linuxmodel:kernelscope:eqversion:2.6.32

Trust: 0.9

vendor:linuxmodel:kernelscope:eqversion:2.6.32.2

Trust: 0.6

vendor:linuxmodel:kernelscope:eqversion:2.6.32.1

Trust: 0.6

vendor:linuxmodel:kernelscope:eqversion:2.6.32.4

Trust: 0.6

vendor:windmodel:river systems linuxscope:eqversion:3.1

Trust: 0.3

vendor:windmodel:river systems linuxscope:eqversion:3.0

Trust: 0.3

vendor:windmodel:river systems linuxscope:eqversion:0

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:9.10

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:9.10

Trust: 0.3

vendor:ubuntumodel:linux lpiascope:eqversion:9.10

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:9.10

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:9.10

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:9.04

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:9.04

Trust: 0.3

vendor:ubuntumodel:linux lpiascope:eqversion:9.04

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:9.04

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:9.04

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:8.10

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:8.10

Trust: 0.3

vendor:ubuntumodel:linux lpiascope:eqversion:8.10

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:8.10

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:8.10

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux lts lpiascope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:6.06

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:6.06

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:6.06

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:6.06

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:11.2

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.6.315

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.6.31.2

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.6.31.11

Trust: 0.3

vendor:linuxmodel:kernel -rc7scope:eqversion:2.6.31

Trust: 0.3

vendor:linuxmodel:kernel -rc6scope:eqversion:2.6.31

Trust: 0.3

vendor:linuxmodel:kernel -rc3scope:eqversion:2.6.31

Trust: 0.3

vendor:linuxmodel:kernel -rc1scope:eqversion:2.6.31

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.6.31

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.6.30.10

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.6.30.1

Trust: 0.3

vendor:linuxmodel:kernel -rc6scope:eqversion:2.6.30

Trust: 0.3

vendor:linuxmodel:kernel -rc5scope:eqversion:2.6.30

Trust: 0.3

vendor:linuxmodel:kernel -rc3scope:eqversion:2.6.30

Trust: 0.3

vendor:linuxmodel:kernel -rc2scope:eqversion:2.6.30

Trust: 0.3

vendor:linuxmodel:kernel -rc1scope:eqversion:2.6.30

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.6.30

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.6.29.4

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.6.29.1

Trust: 0.3

vendor:linuxmodel:kernel -git8scope:eqversion:2.6.29

Trust: 0.3

vendor:linuxmodel:kernel -git14scope:eqversion:2.6.29

Trust: 0.3

vendor:linuxmodel:kernel -git1scope:eqversion:2.6.29

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.6.29

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.6.28.9

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.6.28.8

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.6.28.6

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.6.28.5

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.6.28.3

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.6.28.2

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.6.28.1

Trust: 0.3

vendor:linuxmodel:kernel -rc7scope:eqversion:2.6.28

Trust: 0.3

vendor:linuxmodel:kernel -rc5scope:eqversion:2.6.28

Trust: 0.3

vendor:linuxmodel:kernel -rc1scope:eqversion:2.6.28

Trust: 0.3

vendor:linuxmodel:kernel -git7scope:eqversion:2.6.28

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.6.28

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.6.276

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.6.273

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.6.2712

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.6.27.8

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.6.27.5

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.6.27.24

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.6.27.14

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.6.27.13

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.6.27.12

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.6.27

Trust: 0.3

vendor:linuxmodel:kernel 2.6.33-rc4scope: - version: -

Trust: 0.3

vendor:linuxmodel:kernel 2.6.32-rc8scope: - version: -

Trust: 0.3

vendor:linuxmodel:kernel 2.6.32-rc7scope: - version: -

Trust: 0.3

vendor:linuxmodel:kernel 2.6.32-rc5scope: - version: -

Trust: 0.3

vendor:linuxmodel:kernel 2.6.32-rc4scope: - version: -

Trust: 0.3

vendor:linuxmodel:kernel 2.6.32-rc3scope: - version: -

Trust: 0.3

vendor:linuxmodel:kernel 2.6.32-rc2scope: - version: -

Trust: 0.3

vendor:linuxmodel:kernel 2.6.32-rc1scope: - version: -

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.6.31.6

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.6.31.4

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.6.31.1

Trust: 0.3

vendor:linuxmodel:kernel 2.6.31-rc9scope: - version: -

Trust: 0.3

vendor:linuxmodel:kernel 2.6.31-rc8scope: - version: -

Trust: 0.3

vendor:linuxmodel:kernel 2.6.31-rc5-git3scope: - version: -

Trust: 0.3

vendor:linuxmodel:kernel 2.6.31-rc4scope: - version: -

Trust: 0.3

vendor:linuxmodel:kernel 2.6.31-rc2scope: - version: -

Trust: 0.3

vendor:linuxmodel:kernel 2.6.31-git11scope: - version: -

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.6.30.5

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.6.30.4

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.6.30.3

Trust: 0.3

vendor:linuxmodel:kernel 2.6.29-rc2-git1scope: - version: -

Trust: 0.3

vendor:linuxmodel:kernel 2.6.29-rc2scope: - version: -

Trust: 0.3

vendor:linuxmodel:kernel 2.6.29-rc1scope: - version: -

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.6.28.4

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.6.28.10

Trust: 0.3

vendor:linuxmodel:kernel 2.6.27-git3scope: - version: -

Trust: 0.3

vendor:avayamodel:desktop video devicescope:eqversion:1.0

Trust: 0.3

sources: NVD: CVE-2010-0006 // CNNVD: CNNVD-201001-263 // JVNDB: JVNDB-2010-001087 // BID: 37810

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2010-0006
value: HIGH

Trust: 1.8

CNNVD: CNNVD-201001-263
value: HIGH

Trust: 0.6

NVD: CVE-2010-0006
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.8

sources: NVD: CVE-2010-0006 // CNNVD: CNNVD-201001-263 // JVNDB: JVNDB-2010-001087

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.0

problemtype:CWE-20

Trust: 0.8

sources: NVD: CVE-2010-0006 // JVNDB: JVNDB-2010-001087

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201001-263

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201001-263

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2010-0006

PATCH
title:ChangeLog-2.6.32.4url:http://www.kernel.org/pub/linux/kernel/v2.6/changelog-2.6.32.4
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2010-001087

EXTERNAL IDS
db:BIDid:37810
Trust: 2.7
db:NVDid:CVE-2010-0006
Trust: 2.7
db:OSVDBid:61876
Trust: 2.4
db:SECUNIAid:38168
Trust: 1.7
db:OPENWALLid:OSS-SECURITY/2010/01/14/2
Trust: 1.6
db:SECUNIAid:38333
Trust: 1.6
db:JVNDBid:JVNDB-2010-001087
Trust: 0.8
db:FEDORAid:FEDORA-2010-0919
Trust: 0.6
db:NSFOCUSid:14412
Trust: 0.6
db:MLISTid:[LINUX-NETDEV] 20100114 [PATCH]: IPV6: SKB_DST() CAN BE NULL IN IPV6_HOP_JUMBO().
Trust: 0.6
db:MLISTid:[OSS-SECURITY] 20100114 CVE-2010-0006 - KERNEL: IPV6: SKB_DST() CAN BE NULL IN IPV6_HOP_JUMBO()
Trust: 0.6
db:CNNVDid:CNNVD-201001-263
Trust: 0.6
db:PACKETSTORMid:85473
Trust: 0.1
sources:
            
            
            NVD: CVE-2010-0006 // 
            
            
            
            CNNVD: CNNVD-201001-263 // 
            
            
            
            JVNDB: JVNDB-2010-001087 // 
            
            
            
            BID: 37810 // 
            
            
            
            PACKETSTORM: 85473

REFERENCES
url:http://www.securityfocus.com/bid/37810
Trust: 2.4
url:http://www.osvdb.org/61876
Trust: 2.4
url:http://marc.info/?l=linux-netdev&m=126343325807340&w=2
Trust: 1.9
url:http://lists.fedoraproject.org/pipermail/package-announce/2010-january/034250.html
Trust: 1.6
url:http://secunia.com/advisories/38333
Trust: 1.6
url:http://www.openwall.com/lists/oss-security/2010/01/14/2
Trust: 1.6
url:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2570a4f5428bcdb1077622342181755741e7fa60
Trust: 1.6
url:http://www.kernel.org/pub/linux/kernel/v2.6/changelog-2.6.32.4
Trust: 1.6
url:https://bugzilla.redhat.com/show_bug.cgi?id=555217
Trust: 1.6
url:http://secunia.com/advisories/38168
Trust: 1.6
url:http://bugs.gentoo.org/show_bug.cgi?id=300951
Trust: 1.6
url:http://security-tracker.debian.org/tracker/cve-2010-0006
Trust: 1.6
url:http://cert.fi/en/reports/2010/vulnerability341748.html
Trust: 1.6
url:http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html
Trust: 1.0
url:http://www.cert.fi/en/reports/2010/vulnerability341748.html
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0006
Trust: 0.8
url:http://jvn.jp/cert/jvnvu571860/
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0006
Trust: 0.8
url:http://www.nsfocus.net/vulndb/14412
Trust: 0.6
url:http://www.kernel.org/
Trust: 0.3
url:http://support.avaya.com/css/p8/documents/100141285
Trust: 0.3
url:http://www.ubuntu.com/usn/usn-894-1
Trust: 0.3
url:http://secunia.com/blog/71/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:https://admin.fedoraproject.org/updates/f12/fedora-2010-0823
Trust: 0.1
url:http://secunia.com/advisories/38168/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            NVD: CVE-2010-0006 // 
            
            
            
            CNNVD: CNNVD-201001-263 // 
            
            
            
            JVNDB: JVNDB-2010-001087 // 
            
            
            
            BID: 37810 // 
            
            
            
            PACKETSTORM: 85473

CREDITS
Olli Jarva
Tuomo Untinen
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201001-263

SOURCES
db:NVDid:CVE-2010-0006
db:CNNVDid:CNNVD-201001-263
db:JVNDBid:JVNDB-2010-001087
db:BIDid:37810
db:PACKETSTORMid:85473

LAST UPDATE DATE
2021-12-18T21:59:59.281000+00:00

SOURCES UPDATE DATE
db:NVDid:CVE-2010-0006date:2018-11-13T16:41:00
db:CNNVDid:CNNVD-201001-263date:2010-01-27T00:00:00
db:JVNDBid:JVNDB-2010-001087date:2014-04-01T00:00:00
db:BIDid:37810date:2015-05-07T17:09:00
db:PACKETSTORMid:85473date: - 

SOURCES RELEASE DATE
db:NVDid:CVE-2010-0006date:2010-01-26T18:30:00
db:CNNVDid:CNNVD-201001-263date:2010-01-26T00:00:00
db:JVNDBid:JVNDB-2010-001087date:2010-02-26T00:00:00
db:BIDid:37810date:2010-01-14T00:00:00
db:PACKETSTORMid:85473date:2010-01-21T10:22:03