CVE-2010-4805
Priority
Low
Description
The socket implementation in net/core/sock.c in the Linux kernel before
2.6.35 does not properly manage a backlog of received packets, which allows
remote attackers to cause a denial of service by sending a large amount of
network traffic, related to the sk_add_backlog function and the
sk_rmem_alloc socket field. NOTE: this vulnerability exists because of an
incomplete fix for CVE-2010-4251.
2.6.35 does not properly manage a backlog of received packets, which allows
remote attackers to cause a denial of service by sending a large amount of
network traffic, related to the sk_add_backlog function and the
sk_rmem_alloc socket field. NOTE: this vulnerability exists because of an
incomplete fix for CVE-2010-4251.
Ubuntu-Description
Alex Shi and Eric Dumazet discovered that the network stack did not
correctly handle packet backlogs. A remote attacker could exploit this by
sending a large amount of network traffic to cause the system to run out of
memory, leading to a denial of service.
correctly handle packet backlogs. A remote attacker could exploit this by
sending a large amount of network traffic to cause the system to run out of
memory, leading to a denial of service.
References
Package
| Upstream: | released (2.6.35~rc1) |
| Ubuntu 10.04 LTS (Lucid Lynx): | DNE |
| Ubuntu 12.04 LTS (Precise Pangolin): | not-affected (3.2.0-1600.1) |
| Ubuntu 12.10 (Quantal Quetzal): | not-affected (3.2.0-1602.5) |
| Ubuntu 13.04 (Raring Ringtail): | DNE |
| Ubuntu 13.10 (Saucy Salamander): | DNE |
Package
| Upstream: | released (2.6.35~rc1) |
| Ubuntu 10.04 LTS (Lucid Lynx): | DNE |
| Ubuntu 12.04 LTS (Precise Pangolin): | DNE |
| Ubuntu 12.10 (Quantal Quetzal): | DNE |
| Ubuntu 13.04 (Raring Ringtail): | DNE |
| Ubuntu 13.10 (Saucy Salamander): | DNE |
Package
| Upstream: | released (2.6.35~rc1) |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (2.6.32-318.37) |
| Ubuntu 12.04 LTS (Precise Pangolin): | DNE |
| Ubuntu 12.10 (Quantal Quetzal): | DNE |
| Ubuntu 13.04 (Raring Ringtail): | DNE |
| Ubuntu 13.10 (Saucy Salamander): | DNE |
Package
| Upstream: | released (2.6.35~rc1) |
| Ubuntu 10.04 LTS (Lucid Lynx): | not-affected |
| Ubuntu 12.04 LTS (Precise Pangolin): | DNE |
| Ubuntu 12.10 (Quantal Quetzal): | DNE |
| Ubuntu 13.04 (Raring Ringtail): | DNE |
| Ubuntu 13.10 (Saucy Salamander): | DNE |
Package
| Upstream: | released (2.6.35~rc1) |
| Ubuntu 10.04 LTS (Lucid Lynx): | not-affected (2.6.38-1.27~lucid1) |
| Ubuntu 12.04 LTS (Precise Pangolin): | DNE |
| Ubuntu 12.10 (Quantal Quetzal): | DNE |
| Ubuntu 13.04 (Raring Ringtail): | DNE |
| Ubuntu 13.10 (Saucy Salamander): | DNE |
Package
| Upstream: | DNE |
| Ubuntu 10.04 LTS (Lucid Lynx): | DNE |
| Ubuntu 12.04 LTS (Precise Pangolin): | not-affected |
| Ubuntu 12.10 (Quantal Quetzal): | DNE |
| Ubuntu 13.04 (Raring Ringtail): | DNE |
| Ubuntu 13.10 (Saucy Salamander): | DNE |
Patches:
Package
| Upstream: | released (2.6.35~rc1) |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (2.6.32-218.35) |
| Ubuntu 12.04 LTS (Precise Pangolin): | DNE |
| Ubuntu 12.10 (Quantal Quetzal): | DNE |
| Ubuntu 13.04 (Raring Ringtail): | DNE |
| Ubuntu 13.10 (Saucy Salamander): | DNE |
Package
| Upstream: | released (2.6.35~rc1) |
| Ubuntu 10.04 LTS (Lucid Lynx): | not-affected (2.6.35-1.1~lucid1) |
| Ubuntu 12.04 LTS (Precise Pangolin): | DNE |
| Ubuntu 12.10 (Quantal Quetzal): | DNE |
| Ubuntu 13.04 (Raring Ringtail): | DNE |
| Ubuntu 13.10 (Saucy Salamander): | DNE |
Package
| Upstream: | released (2.6.35~rc1) |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (2.6.32-34.73) |
| Ubuntu 12.04 LTS (Precise Pangolin): | not-affected (2.6.39-0.0) |
| Ubuntu 12.10 (Quantal Quetzal): | not-affected (2.6.39-0.0) |
| Ubuntu 13.04 (Raring Ringtail): | not-affected (2.6.39-0.0) |
| Ubuntu 13.10 (Saucy Salamander): | not-affected (2.6.39-0.0) |
Patches:
| Upstream: | http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=c377411f2494a931ff7facdbb3a6839b1266bcf6 |
Package
| Upstream: | released (2.6.35~rc1) |
| Ubuntu 10.04 LTS (Lucid Lynx): | DNE |
| Ubuntu 12.04 LTS (Precise Pangolin): | not-affected (2.6.38-1309.13) |
| Ubuntu 12.10 (Quantal Quetzal): | not-affected (2.6.38-1309.13) |
| Ubuntu 13.04 (Raring Ringtail): | not-affected (2.6.38-1309.13) |
| Ubuntu 13.10 (Saucy Salamander): | not-affected (2.6.38-1309.13) |
Package
| Upstream: | released (2.6.35~rc1) |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (2.6.31-610.27) |
| Ubuntu 12.04 LTS (Precise Pangolin): | DNE |
| Ubuntu 12.10 (Quantal Quetzal): | DNE |
| Ubuntu 13.04 (Raring Ringtail): | DNE |
| Ubuntu 13.10 (Saucy Salamander): | DNE |
Package
| Upstream: | released (2.6.35~rc1) |
| Ubuntu 10.04 LTS (Lucid Lynx): | DNE |
| Ubuntu 12.04 LTS (Precise Pangolin): | not-affected |
| Ubuntu 12.10 (Quantal Quetzal): | DNE |
| Ubuntu 13.04 (Raring Ringtail): | DNE |
| Ubuntu 13.10 (Saucy Salamander): | DNE |