Lucene search

Ubuntu.comUB:CVE-2007-2480

HistoryMay 03, 2007 - 12:00 a.m.

CVE-2007-2480

2007-05-0300:00:00

ubuntu.com

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.1%

JSON

The _udp_lib_get_port function in net/ipv4/udp.c in Linux kernel 2.6.21 and
earlier does not prevent a bind to a port with a local address when there
is already a bind to that port with a wildcard local address, which might
allow local users to intercept local traffic for daemons or other
applications.

Notes

Author	Note
kees	Cannot reproduce. Is this really an issue for kernels prior to 2.6.21?

OSVersionArchitecturePackageVersionFilename
ubuntu7.10noarchlinux-source-2.6.22< 2.6.22-12.39UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	7.10	noarch	linux-source-2.6.22	< 2.6.22-12.39	UNKNOWN

References

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=de34ed91c4ffa4727964a832c46e624dd1495cf5

launchpad.net/bugs/cve/CVE-2007-2480

nvd.nist.gov/vuln/detail/CVE-2007-2480

security-tracker.debian.org/tracker/CVE-2007-2480

www.cve.org/CVERecord?id=CVE-2007-2480

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for UB:CVE-2007-2480