The Linux kernel contains a vulnerability that may allow a remote attacker to create a denial-of-service condition.
Internet Protocol version 6 (IPv6) is an IP standard that is designed to replace Internet Protocol version 4 (IPv4). The Linux kernel provides IPv6 support, and Linux vendors may enable IPv6 by default.
The Linux kernel contains a condition that may allow a null pointer to be dereferenced during a memory allocation by the ipv6_getsockopt_sticky() function in net/ipv6/ipv6_sockglue.c. Note that this vulnerability may be present in both the 2.4 and 2.6 versions of the Linux kernel.
A remote unauthenticated attacker may be able to cause the kernel to panic (Oops) on a vulnerable system, thereby creating a denial of service. If the vulnerable software is running on a server, all clients that rely on the server will also be affected.
Thanks to Chris Wright for information that was used in this report.
This document was written by Ryan Giobbi.
Date First Published: 2007-03-13
Date Last Updated: 2007-03-13 19:20 UTC