CVE-2004-1137

2005-01-1000:00:00

ubuntu.com

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.332 Low

EPSS

Percentile

97.0%

JSON

Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22
to 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a
denial of service or execute arbitrary code via (1) the ip_mc_source
function, which decrements a counter to -1, or (2) the igmp_marksources
function, which does not properly validate IGMP message parameters and
performs an out-of-bounds read.

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchkernel-source-2.4.27< 2.4.27-12UNKNOWN
ubuntu6.10noarchkernel-source-2.4.27< 2.4.27-12UNKNOWN
ubuntu6.06noarchlinux-source-2.6.15< 2.6.15-29.58UNKNOWN
ubuntu6.10noarchlinux-source-2.6.17< 2.6.17.1-12.40UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	kernel-source-2.4.27	< 2.4.27-12	UNKNOWN
ubuntu	6.10	noarch	kernel-source-2.4.27	< 2.4.27-12	UNKNOWN
ubuntu	6.06	noarch	linux-source-2.6.15	< 2.6.15-29.58	UNKNOWN
ubuntu	6.10	noarch	linux-source-2.6.17	< 2.6.17.1-12.40	UNKNOWN