Linux · Linux Kernel · CVE-2009-2903
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions 2.4.x through 2.4.37.6
Linux kernel versions 2.6.x through 2.6.31
Description:
A memory leak exists in the AppleTalk subsystem of the Linux kernel. It occurs when the appletalk and ipddp modules are loaded but the ipddp"N" device is not found. As a result, remote attackers can cause a denial of service through memory consumption by sending IP-DDP datagrams.
Recommendations:
For Linux kernel versions 2.4.x through 2.4.37.6, consider disabling the appletalk and ipddp modules until a patch is available.
For Linux kernel versions 2.6.x through 2.6.31, consider disabling the appletalk and ipddp modules until a patch is available.
As a temporary workaround, restrict access to the ipddp module to minimize the risk of exploitation.
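
The following audit script is an added example, not part of the original advisory: it checks the two conditions named above (a kernel release in the listed ranges, and both modules loaded) and prints modprobe configuration that blocks the modules. The function names are hypothetical, and blocking via modprobe's `install` directive is an assumption about how the host loads modules.

```shell
#!/bin/sh
# Added example: check the two preconditions the advisory names.

# Return 0 if kernel release $1 is in the listed ranges:
# 2.4.x through 2.4.37.6, or 2.6.x through 2.6.31.
# Distro backports are not detected; stable releases 2.6.31.y are
# treated as affected (conservative assumption).
is_affected_release() {
    rel=${1%%[!0-9.]*}                    # drop suffix such as "-rc5"
    old_ifs=$IFS; IFS=.; set -- $rel; IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}; sub=${4:-0}
    case "$major$minor$patch$sub" in *[!0-9]*) return 1 ;; esac
    [ "$major" -eq 2 ] || return 1
    case $minor in
        4) [ "$patch" -lt 37 ] || { [ "$patch" -eq 37 ] && [ "$sub" -le 6 ]; } ;;
        6) [ "$patch" -le 31 ] ;;
        *) return 1 ;;
    esac
}

# Read /proc/modules-format text on stdin; print which of the two modules
# are loaded, sorted and space-separated.
loaded_targets() {
    awk '$1 == "appletalk" || $1 == "ipddp" { print $1 }' |
        sort | tr '\n' ' ' | sed 's/ $//'
}

# audit RELEASE < modules-text: return 0 only when the release is in range
# and both modules are loaded, as in the description.
audit() {
    mods=$(loaded_targets)
    if is_affected_release "$1" && [ "$mods" = "appletalk ipddp" ]; then
        echo "EXPOSED: kernel $1, loaded: $mods"; return 0
    fi
    echo "not exposed: kernel $1, loaded: ${mods:-none}"; return 1
}

# Emit modprobe configuration lines that make every load attempt fail.
blocklist_conf() {
    for m in appletalk ipddp; do printf 'install %s /bin/false\n' "$m"; done
}

# Constructed sample in /proc/modules format (not from a real host).
SAMPLE='ipddp 8192 0 - Live 0xf8a1c000
appletalk 30764 2 ipddp, Live 0xf89f1000'
printf '%s\n' "$SAMPLE" | audit 2.6.30 && blocklist_conf
# Live use: audit "$(uname -r)" < /proc/modules
```

To apply the result, write the output of `blocklist_conf` to a file under `/etc/modprobe.d/` (assuming that layout is in use) and unload the running modules with `rmmod ipddp` followed by `rmmod appletalk`.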