- Description
- Integer overflow in the dccp_feat_change function in net/dccp/feat.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.18, and 2.6.17 through 2.6.20, allows local users to gain privileges via an invalid feature length, which leads to a heap-based buffer overflow.
- Source
- secalert@redhat.com
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
- nvd@nist.gov
- CWE-189
- Hype score
- Not currently trending
- Comment
- -
- Impact
- -
- Solution
- -
- Red HatThis issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG. It was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2008-0519.html
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9E86E13B-EC92-47F3-94A9-DB515313011D"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C06F0037-DE20-4B4A-977F-BFCFAB026517"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "179147E4-5247-451D-9409-545D661BC158"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C6940324-0383-4510-BA55-770E0A6B80B7"
}
],
"operator": "OR"
}
]
}
]