CVE-2004-1137

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 2.4.22 through 2.4.28 Linux kernel versions 2.6.x through 2.6.9

Description: The issue concerns multiple vulnerabilities in the IGMP functionality, allowing local and remote attackers to cause a denial of service or execute arbitrary code. This is achieved through two main functions: the ip mc source function, which can decrement a counter to -1, and the igmp marksources function, which fails to properly validate IGMP message parameters and performs an out-of-bounds read.

Recommendations: For Linux kernel versions 2.4.22 through 2.4.28, consider upgrading to a version outside of this range to mitigate the risk. For Linux kernel versions 2.6.x through 2.6.9, consider upgrading to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the IGMP functionality until a patch is available.