PT-2008-6907 · Linux +1 · Linux Kernel +1
Published: 1970-01-01 · Updated: 2023-02-13 · CVE-2008-3276
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions 2.6.17-rc1 through 2.6.26.2
linux-headers-2.6.24-etchnhalf.1-all-mips
linux-headers-2.6.24-etchnhalf.1-r4k-ip22
linux-headers-2.6.24-etchnhalf.1-r5k-ip32
linux-image-2.6.24-etchnhalf.1-r5k-ip32
linux-image-2.6.24-etchnhalf.1-r4k-ip22
kernel-rt debug-debugsource
kernel-rt debug-debuginfo
kernel-rt-debuginfo
kernel-rt-debugsource
Description: The issue is related to multiple vulnerabilities in the Linux kernel and associated packages, which can lead to disruption of the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, an integer overflow in the dccp_setsockopt_change function in net/dccp/proto.c in the Datagram Congestion Control Protocol (DCCP) subsystem allows remote attackers to cause a denial of service (kernel panic) via a crafted integer value.
Recommendations: For Linux kernel versions 2.6.17-rc1 through 2.6.26.2, consider disabling the dccp_setsockopt_change function as a temporary workaround until a patch is available. For linux-headers-2.6.24-etchnhalf.1-all-mips, linux-headers-2.6.24-etchnhalf.1-r4k-ip22, and linux-headers-2.6.24-etchnhalf.1-r5k-ip32, restrict access to these packages to minimize the risk of exploitation. For linux-image-2.6.24-etchnhalf.1-r5k-ip32 and linux-image-2.6.24-etchnhalf.1-r4k-ip22, avoid using these images until the issue is resolved. For kernel-rt debug-debugsource, kernel-rt debug-debuginfo, kernel-rt-debuginfo, and kernel-rt-debugsource, consider disabling or restricting the use of these packages until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
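The description above names an integer overflow in the option-length handling of a setsockopt handler. The following is an added, constructed C model of that bug class, not the kernel's net/dccp/proto.c code: a handler receives a user-supplied option length, subtracts a fixed header size to get the number of value bytes, and, without a lower bound on the length, the unsigned subtraction wraps to a huge value that a later copy would trust. struct feat_change_opt, MAX_FEAT_VALS, value_len_unchecked, value_len_checked and handle_change_opt are all constructed names; the sample option bytes are constructed too.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a variable-length feature-change option:
 * a one-byte header followed by optlen - HDR_LEN value bytes.
 * This is an illustrative struct, not the kernel's definition. */
struct feat_change_opt {
    uint8_t feat;    /* feature number (header) */
    uint8_t vals[];  /* value bytes follow the header */
};

#define HDR_LEN       offsetof(struct feat_change_opt, vals)
#define MAX_FEAT_VALS 64u   /* constructed upper bound on value bytes */

/* Vulnerable pattern: the value length is derived from the caller's optlen
 * with no lower-bound check. For optlen < HDR_LEN the unsigned subtraction
 * wraps, so a later copy would read far past the option buffer. */
size_t value_len_unchecked(unsigned int optlen)
{
    return (size_t)optlen - HDR_LEN;
}

/* Hardened pattern: reject lengths that are too short to hold the header
 * plus at least one value byte, and lengths beyond the protocol maximum,
 * before any arithmetic result is used. Returns 0 or -EINVAL. */
int value_len_checked(unsigned int optlen, size_t *out)
{
    if (optlen < HDR_LEN + 1)            /* header plus >= 1 value byte */
        return -EINVAL;
    if (optlen - HDR_LEN > MAX_FEAT_VALS) /* safe: optlen > HDR_LEN here */
        return -EINVAL;
    *out = optlen - HDR_LEN;
    return 0;
}

/* Simulated option handler: copies value bytes into a fixed buffer only
 * after the checked length is accepted and fits the destination.
 * Returns the number of bytes copied, or a negative errno. */
int handle_change_opt(const uint8_t *optval, unsigned int optlen,
                      uint8_t *dst, size_t dstsz)
{
    size_t n;
    int err = value_len_checked(optlen, &n);
    if (err)
        return err;
    if (n > dstsz)                       /* never exceed the destination */
        return -EINVAL;
    const struct feat_change_opt *opt = (const struct feat_change_opt *)optval;
    memcpy(dst, opt->vals, n);
    return (int)n;
}

int main(void)
{
    /* Constructed sample option: feature 2 with three value bytes. */
    const uint8_t sample[] = { 0x02, 0xAA, 0xBB, 0xCC };
    uint8_t dst[MAX_FEAT_VALS];
    size_t n;

    printf("unchecked, optlen=0  -> %zu (wrapped)\n", value_len_unchecked(0));
    printf("checked,   optlen=0  -> %d\n", value_len_checked(0, &n));
    printf("checked,   optlen=4  -> %d, len=%zu\n",
           value_len_checked(sizeof sample, &n), n);
    printf("handler copied %d bytes\n",
           handle_change_opt(sample, sizeof sample, dst, sizeof dst));
    return 0;
}
```

The defensive point is the order of operations: the bounds are enforced on the caller-controlled length itself, so no wrapped or oversized intermediate value ever reaches the copy.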

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2015-02636
BDU:2015-02637
BDU:2015-02638
BDU:2015-02639
BDU:2015-02640
BDU:2015-05014
BDU:2015-05015
BDU:2015-05016
BDU:2015-05017
CVE-2008-3276
DSA-1636-1
DSA-1653-1
RHSA-2008:0857
RHSA-2008:0957
RHSA-2008_0957

Affected Products

Linux Kernel
Red Hat