CVE-2007-4567

Impact:
Important
Public Date:
2007-09-07
CWE:
CWE-228->CWE-119
Bugzilla:
548641: CVE-2007-4567 kernel: ipv6_hop_jumbo remote system crash

The MITRE CVE dictionary describes this issue as:

The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted IPv6 packet.

Find out more about CVE-2007-4567 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG. Shipped kernels do not include upstream commit a11d206d that introduced the problem.

This upstream commit was backported in Red Hat Enterprise Linux 5 via RHBA-2008:0314. It was reported and addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0019.html

CVSS v2 metrics

Base Score 7.8
Base Metrics AV:N/AC:L/Au:N/C:N/I:N/A:C
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Virtualization Hypervisor 5 (rhev-hypervisor) RHSA-2010:0095 2010-02-09
Red Hat Enterprise Linux EUS (v. 5.3 server) (kernel) RHSA-2010:0053 2010-01-20
Red Hat Enterprise Linux 5 (kernel) RHSA-2010:0019 2010-01-07
Red Hat Enterprise Linux EUS (v. 5.2 server) (kernel) RHSA-2010:0079 2010-02-02

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact Red Hat Product Security.

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.