CVE-2011-1770
Published: 24 June 2011
Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel before 2.6.33.14 allows remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggers a buffer over-read.
From the Ubuntu Security Team
Dan Rosenberg discovered that the DCCP stack did not correctly handle certain packet structures. A remote attacker could exploit this to crash the system, leading to a denial of service.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
hardy |
Not vulnerable
|
| lucid |
Released
(2.6.32-33.64)
|
|
| maverick |
Released
(2.6.35-30.57)
|
|
| natty |
Released
(2.6.38-10.44)
|
|
| upstream |
Released
(2.6.39)
|
|
|
Patches: Introduced by e77b8363b2ea7c0d89919547c1a8b0562f298b57 |
||
|
linux-ec2 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Released
(2.6.32-317.32)
|
|
| maverick |
Ignored
(end of life)
|
|
| natty |
Does not exist
|
|
| upstream |
Released
(2.6.39)
|
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Released
(2.6.31-610.27)
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| upstream |
Released
(2.6.39)
|
|
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Released
(2.6.35-30.57~lucid1)
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| upstream |
Released
(2.6.39)
|
|
|
linux-lts-backport-natty Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Not vulnerable
(2.6.38-10.44~lucid1)
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| upstream |
Released
(2.6.39)
|
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Released
(2.6.32-217.34)
|
|
| maverick |
Released
(2.6.32-417.34)
|
|
| natty |
Does not exist
|
|
| upstream |
Released
(2.6.39)
|
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Does not exist
|
|
| maverick |
Released
(2.6.35-903.23)
|
|
| natty |
Released
(2.6.38-1209.15)
|
|
| upstream |
Released
(2.6.39)
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.5 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References
- http://marc.info/?l=linux-kernel&m=130468845209036&w=2
- https://ubuntu.com/security/notices/USN-1167-1
- https://ubuntu.com/security/notices/USN-1161-1
- https://ubuntu.com/security/notices/USN-1159-1
- https://ubuntu.com/security/notices/USN-1168-1
- https://ubuntu.com/security/notices/USN-1162-1
- https://ubuntu.com/security/notices/USN-1202-1
- https://ubuntu.com/security/notices/USN-1205-1
- https://ubuntu.com/security/notices/USN-1201-1
- https://ubuntu.com/security/notices/USN-1204-1
- https://ubuntu.com/security/notices/USN-1212-1
- https://www.cve.org/CVERecord?id=CVE-2011-1770
- NVD
- Launchpad
- Debian