PT-2004-2256 · Linux · Linux Kernel
Georgi Guninski +1 · Published 2004-12-15 · Updated 2024-02-14 · CVE-2004-1334
CVSS v2.0: 2.1 Low
| Vector | AV:L/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 2.6.10
Description:
The issue is an integer overflow in the ip_options_get function, which local users can exploit to cause a denial of service, resulting in a kernel crash. This is achieved by setting cmsg_len to -1, leading to a buffer overflow.
Recommendations:
For Linux kernel versions prior to 2.6.10, update to version 2.6.10 or later to resolve the issue.
Affected Products
Linux Kernel