CVE-2010-4165 (retired)

Priority
Description
The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel before
2.6.37-rc2 does not properly restrict TCP_MAXSEG (aka MSS) values, which
allows local users to cause a denial of service (OOPS) via a setsockopt
call that specifies a small value, leading to a divide-by-zero error or
incorrect use of a signed integer.
Ubuntu-Description
Steve Chen discovered that setsockopt did not correctly check MSS values. A
local attacker could make a specially crafted socket call to crash the
system, leading to a denial of service.
Notes
 mdeslaur> introduced by http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f5fff5dc8a7a3f395b0525c02ba92c95d42b7390
 jdstrand> commit introduced in 2008/09/21. Dapper not affected
  2.6.15-57.94. Marking back to 'needed'
Assigned-to
bradf
Package
Upstream:released (2.6.37~rc2)
Package
Upstream:released (2.6.37~rc2)
Package
Upstream:released (2.6.37~rc2)
Package
Upstream:released (2.6.37~rc2)
Package
Upstream:released (2.6.37~rc2)
Package
Upstream:released (2.6.37~rc2)
More Information

Updated: 2019-03-26 11:53:55 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)