Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2008-2136

Published: 16 May 2008

Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT) tunnel interface, related to the pskb_may_pull and kfree_skb functions, and management of an skb reference count.

From the Ubuntu Security Team

Paul Marks discovered that the SIT interfaces did not correctly manage allocated memory. A remote attacker could exploit this to fill all available memory, leading to a denial of service.

Priority

Low

Status

Package Release Status
linux-source-2.6.15
Launchpad, Ubuntu, Debian
upstream
Released (2.6.26~rc2)
dapper
Released (2.6.15-52.69)
feisty Does not exist

gutsy Does not exist

hardy Does not exist

linux-source-2.6.20
Launchpad, Ubuntu, Debian
upstream
Released (2.6.26~rc2)
dapper Does not exist

feisty
Released (2.6.20-17.37)
gutsy Does not exist

hardy Does not exist

linux-source-2.6.22
Launchpad, Ubuntu, Debian
upstream
Released (2.6.26~rc2)
dapper Does not exist

feisty Does not exist

gutsy
Released (2.6.22-15.56)
hardy Does not exist

linux
Launchpad, Ubuntu, Debian
upstream
Released (2.6.26~rc2)
dapper Does not exist

feisty Does not exist

gutsy Does not exist

hardy
Released (2.6.24-19.36)