Vulnerabilities > CVE-2008-3686 - Resource Management Errors vulnerability in Linux Kernel 2.6.26/2.6.26.2
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The rt6_fill_node function in net/ipv6/route.c in Linux kernel 2.6.26-rc4, 2.6.26.2, and possibly other 2.6.26 versions, allows local users to cause a denial of service (kernel OOPS) via IPv6 requests when no IPv6 input device is in use, which triggers a NULL pointer dereference.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 2 |
Common Weakness Enumeration (CWE)
Statements
contributor | Tomas Hoger |
lastmodified | 2008-08-18 |
organization | Red Hat |
statement | Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG. |
References
- http://lkml.org/lkml/2008/8/7/230
- http://lkml.org/lkml/2008/8/8/7
- http://secunia.com/advisories/31579
- http://www.vupen.com/english/advisories/2008/2422
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44605
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5e0115e500fe9dd2ca11e6f92db9123204f1327a