PT-2007-3096 · Linux · Linux Kernel

Published

2007-03-28

Updated

2018-10-16

CVE-2007-1730

CVSS v2.0

6.6

Medium

Vector

AV:L/AC:L/Au:N/C:C/I:N/A:C

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 2.6.20 and later

Description: The issue is related to an integer signedness error in the DCCP support within the Linux kernel. This error occurs in the do dccp getsockopt function in net/dccp/proto.c, allowing local users to potentially read kernel memory or cause a denial of service. The exploitation is possible via a negative optlen value.

Recommendations: For Linux kernel versions 2.6.20 and later, consider applying a patch that fixes the integer signedness error in the do dccp getsockopt function to prevent potential exploitation. As a temporary workaround, restrict access to the do dccp getsockopt function to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-1730

Affected Products

Linux Kernel

PT-2007-3096 · Linux · Linux Kernel

CVE-2007-1730

Related Identifiers

Affected Products

References · 13