CVE-2008-2136

Priority
Low
Description
Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel
2.4 before 2.4.36.5 and 2.6 before 2.6.25.3 allows remote attackers to
cause a denial of service (memory consumption) via network traffic to a
Simple Internet Transition (SIT) tunnel interface, related to the
pskb_may_pull and kfree_skb functions, and management of an skb reference
count.
Ubuntu-Description
Paul Marks discovered that the SIT interfaces did not correctly manage
allocated memory. A remote attacker could exploit this to fill all
available memory, leading to a denial of service.
References
Assigned-to
kees
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Package
Source: linux (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):released (2.6.24-19.36)
Patches:
Upstream:36ca34cc3b8335eb1fe8bd9a1d0a2592980c3f02
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:18:48 UTC (commit 5347)