The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux kernel
before 2.6.20, and possibly other versions, allows local users to cause a
denial of service (oops) by calling setsockopt with the IPV6_RTHDR option
name and possibly a zero option length or invalid option value, which
triggers a NULL pointer dereference.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | linux-source-2.6.15 | < 2.6.15-29.58 | UNKNOWN |
ubuntu | 6.10 | noarch | linux-source-2.6.17 | < 2.6.17.1-12.40 | UNKNOWN |
ubuntu | 7.04 | noarch | linux-source-2.6.20 | < 2.6.20-16.31 | UNKNOWN |