CVE-2010-4165

Priority
Description
The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel before
2.6.37-rc2 does not properly restrict TCP_MAXSEG (aka MSS) values, which
allows local users to cause a denial of service (OOPS) via a setsockopt
call that specifies a small value, leading to a divide-by-zero error or
incorrect use of a signed integer.
Ubuntu-Description
Steve Chen discovered that setsockopt did not correctly check MSS values. A
local attacker could make a specially crafted socket call to crash the
system, leading to a denial of service.
Notes
 mdeslaur> introduced by http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f5fff5dc8a7a3f395b0525c02ba92c95d42b7390
 jdstrand> commit introduced in 2008/09/21. Dapper not affected
  2.6.15-57.94. Marking back to 'needed'
Assigned-to
bradf
Package
Upstream:released (2.6.37~rc2)
Package
Upstream:released (2.6.37~rc2)
Package
Upstream:released (2.6.37~rc2)
Package
Upstream:released (2.6.37~rc2)
Package
Upstream:released (2.6.37~rc2)
Package
Upstream:released (2.6.37~rc2)
More Information

Updated: 2019-01-14 21:54:50 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)