#VU95255 Null pointer dereference in Linux kernel - CVE-2007-2876


| Updated: 2018-10-30

Vulnerability identifier: #VU95255

Vulnerability risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2007-2876

CWE-ID: CWE-476

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) nf_conntrack_proto_sctp.c in Netfilter in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, allows remote attackers to cause a denial of service by causing certain invalid states that trigger a NULL pointer dereference.

Mitigation
Install update from vendor's repository.

Vulnerable software versions

Linux kernel: All versions

External links
https://marc.info/?l=linux-kernel&m=118128610219959&w=2
https://marc.info/?l=linux-kernel&m=118128622431272&w=2
https://osvdb.org/37112
https://rhn.redhat.com/errata/RHSA-2007-0488.html
https://secunia.com/advisories/25838
https://secunia.com/advisories/25961
https://secunia.com/advisories/26133
https://secunia.com/advisories/26139
https://secunia.com/advisories/26289
https://secunia.com/advisories/26450
https://secunia.com/advisories/26620
https://secunia.com/advisories/26664
https://secunia.com/advisories/26760
https://secunia.com/advisories/27227
https://support.avaya.com/elmodocs2/security/ASA-2007-287.htm
https://www.debian.org/security/2007/dsa-1356
https://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.4
https://www.mandriva.com/security/advisories?name=MDKSA-2007:171
https://www.mandriva.com/security/advisories?name=MDKSA-2007:196
https://www.novell.com/linux/security/advisories/2007_43_kernel.html
https://www.novell.com/linux/security/advisories/2007_51_kernel.html
https://www.novell.com/linux/security/advisories/2007_53_kernel.html
https://www.redhat.com/support/errata/RHSA-2007-0705.html
https://www.securityfocus.com/bid/24376
https://www.ubuntu.com/usn/usn-486-1
https://www.ubuntu.com/usn/usn-489-1
https://www.ubuntu.com/usn/usn-510-1
https://www.vupen.com/english/advisories/2007/2105
https://exchange.xforce.ibmcloud.com/vulnerabilities/34777
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10116

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Null pointer dereference in Linux kernel