PT-2007-2430 · Linux+1 · Linux Kernel+1

Chris Wright

Published

2007-03-12

Updated

2017-10-11

CVE-2007-1000

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.20.2

Description: The issue allows local users to read arbitrary kernel memory via certain getsockopt calls that trigger a NULL dereference, specifically through the ipv6 getsockopt sticky function in net/ipv6/ipv6 sockglue.c.

Recommendations: For versions prior to 2.6.20.2, update to version 2.6.20.2 or later to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-1000

RHSA-2007:0169

RHSA-2007_0169

Affected Products

Linux Kernel

Red Hat

PT-2007-2430 · Linux+1 · Linux Kernel+1

CVE-2007-1000

Related Identifiers

Affected Products

References · 32