Vulnerabilities > CVE-2010-0006 - NULL Pointer Dereference vulnerability in Linux Kernel
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.32.4, when network namespaces are enabled, allows remote attackers to cause a denial of service (NULL pointer dereference) via an invalid IPv6 jumbogram, a related issue to CVE-2007-4567.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2010-0823.NASL description stable update for 2.6.31.12, includes fix for CVE-2010-0006 kernel: ipv6: skb_dst() can be NULL in ipv6_hop_jumbo() (rhbz#555217) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47198 published 2010-07-01 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/47198 title Fedora 12 : kernel-2.6.31.12-174.2.3.fc12 (2010-0823) NASL family SuSE Local Security Checks NASL id SUSE_11_2_KERNEL-100128.NASL description The Linux kernel for openSUSE 11.2 was updated to 2.6.31.12 to fix the following bugs and security issues : - The permission of the devtmpfs root directory was incorrectly 1777 (instead of 755). If it was used, local attackers could escalate privileges. (openSUSE 11.2 does not use this filesystem by default). (CVE-2010-0299) - The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. (CVE-2009-3939) - ebtables was lacking a CAP_NET_ADMIN check, making it possible for local unprivileged attackers to modify the network bridge management. (CVE-2010-0007) - An information leakage on fatal signals on x86_64 machines was fixed. (CVE-2010-0003) - A race condition in fasync handling could be used by local attackers to crash the machine or potentially execute code. (CVE-2009-4141) - The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.32.4, when network namespaces are enabled, allows remote attackers to cause a denial of service (NULL pointer dereference) via an invalid IPv6 jumbogram. (CVE-2010-0006) - drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. (CVE-2009-4536) - drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets. (CVE-2009-4538) last seen 2020-06-01 modified 2020-06-02 plugin id 44411 published 2010-02-09 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/44411 title SuSE 11.2 Security Update: kernel (2010-01-28) NASL family Fedora Local Security Checks NASL id FEDORA_2010-0919.NASL description Security update: CVE-2010-0003 CVE-2010-0006 CVE-2010-0007 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47202 published 2010-07-01 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47202 title Fedora 11 : kernel-2.6.30.10-105.2.4.fc11 (2010-0919) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-894-1.NASL description Amerigo Wang and Eric Sesterhenn discovered that the HFS and ext4 filesystems did not correctly check certain disk structures. If a user were tricked into mounting a specially crafted filesystem, a remote attacker could crash the system or gain root privileges. (CVE-2009-4020, CVE-2009-4308) It was discovered that FUSE did not correctly check certain requests. A local attacker with access to FUSE mounts could exploit this to crash the system or possibly gain root privileges. Ubuntu 9.10 was not affected. (CVE-2009-4021) It was discovered that KVM did not correctly decode certain guest instructions. A local attacker in a guest could exploit this to trigger high scheduling latency in the host, leading to a denial of service. Ubuntu 6.06 was not affected. (CVE-2009-4031) It was discovered that the OHCI fireware driver did not correctly handle certain ioctls. A local attacker could exploit this to crash the system, or possibly gain root privileges. Ubuntu 6.06 was not affected. (CVE-2009-4138) Tavis Ormandy discovered that the kernel did not correctly handle O_ASYNC on locked files. A local attacker could exploit this to gain root privileges. Only Ubuntu 9.04 and 9.10 were affected. (CVE-2009-4141) Neil Horman and Eugene Teo discovered that the e1000 and e1000e network drivers did not correctly check the size of Ethernet frames. An attacker on the local network could send specially crafted traffic to bypass packet filters, crash the system, or possibly gain root privileges. (CVE-2009-4536, CVE-2009-4538) It was discovered that last seen 2020-06-01 modified 2020-06-02 plugin id 44399 published 2010-02-05 reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44399 title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : linux, linux-source-2.6.15 vulnerabilities (USN-894-1)
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 37810 CVE ID: CVE-2010-0006 Linux Kernel是开放源码操作系统Linux所使用的内核。 如果启用了网络名称空间,Linux Kernel的net/ipv6/exthdrs.c文件中的ipv6_hop_jumbo函数允许远程攻击者发送无效的IPv6超大包触发空指针引用,导致拒绝服务的情况。 Linux kernel 2.6.x 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2570a4f5428bcdb1077622342181755741e7fa60 |
| id | SSV:19011 |
| last seen | 2017-11-19 |
| modified | 2010-01-28 |
| published | 2010-01-28 |
| reporter | Root |
| title | Linux Kernel ipv6_hop_jumbo()函数远程拒绝服务漏洞 |
Statements
| contributor | Tomas Hoger |
| lastmodified | 2010-01-28 |
| organization | Red Hat |
| statement | Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG as they did not have support for network namespaces, and did not include upstream commit 483a47d2 that introduced the problem. |
References
- http://www.securityfocus.com/bid/37810
- http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034250.html
- http://secunia.com/advisories/38333
- http://www.openwall.com/lists/oss-security/2010/01/14/2
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.4
- http://www.osvdb.org/61876
- https://bugzilla.redhat.com/show_bug.cgi?id=555217
- http://secunia.com/advisories/38168
- http://marc.info/?l=linux-netdev&m=126343325807340&w=2
- http://bugs.gentoo.org/show_bug.cgi?id=300951
- http://security-tracker.debian.org/tracker/CVE-2010-0006
- http://cert.fi/en/reports/2010/vulnerability341748.html
- http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2570a4f5428bcdb1077622342181755741e7fa60