PT-2008-1047 · Linux+1 · Linux Kernel+1
Published: 2008-05-16 · Updated: 2018-10-31 · CVE-2008-2136
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Red Hat Enterprise Linux kernel versions 2.4.9 through 2.4.18
Linux kernel versions prior to 2.4.36.5
Linux kernel versions prior to 2.6.25.3
Description
The issue involves multiple vulnerabilities in the Linux kernel of Red Hat Enterprise Linux, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely, potentially causing a denial of service due to memory consumption via network traffic to a Simple Internet Transition (SIT) tunnel interface. The vulnerabilities are related to the management of an skb reference count and the pskb_may_pull and kfree_skb functions.
Recommendations
For Red Hat Enterprise Linux kernel versions 2.4.9 through 2.4.18, update to a version later than 2.4.18 to resolve the issue.
For Linux kernel versions prior to 2.4.36.5, update to version 2.4.36.5 or later.
For Linux kernel versions prior to 2.6.25.3, update to version 2.6.25.3 or later.
As a temporary workaround, consider restricting access to the SIT tunnel interface to minimize the risk of exploitation.
Fix
DoS
Related Identifiers
Affected Products
Linux Kernel
Red Hat