PT-2010-1342 · Linux+1 · Linux Kernel+1
Konstantin Khorenko · Published 2010-01-19 · Updated 2024-02-15
CVE-2009-4272
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel version 2.6.18 on Red Hat Enterprise Linux (RHEL) 5
Description
The issue allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, triggering a routing "emergency" in which a hash chain is too long. This is related to an issue in the Linux kernel before 2.6.31, involving an uninitialized pointer and a panic when the kernel routing cache is disabled.
Recommendations
For Linux kernel version 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, consider applying the Red Hat patch to resolve the issue. As a temporary workaround, restrict access to the network to minimize the risk of exploitation.
Exploit
Fix
DoS
Improper Locking
Affected Products
Linux Kernel
Red Hat