Denial Of Service (DoS)

2020-04-1001:08:13

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

JSON

kernel is vulnerable to denial of service (DoS). The vulnerability exists as the fix for CVE-2011-2482 provided by RHSA-2011:1212 introduced a regression: on systems that do not have Security-Enhanced Linux (SELinux) in Enforcing mode, a socket lock race could occur between sctp_rcv() and sctp_accept(). A remote attacker could use this flaw to cause a denial of service. By default, SELinux runs in Enforcing mode on Red Hat Enterprise Linux 5.

CPENameOperatorVersion
kerneleq2.6.18__164.9.1.el5
kerneleq2.6.18__8.1.15.el5
kerneleq2.6.18__164.10.1.el5
kerneleq2.6.18__128.4.1.el5
kerneleq2.6.18__53.1.21.el5
kerneleq2.6.18__274.3.1.el5
kerneleq2.6.18__238.12.1.el5
kerneleq2.6.18__92.1.18.el5
kerneleq2.6.18__128.7.1.el5
kerneleq2.6.18__8.1.8.el5

Name	Operator	Version
kernel	eq	2.6.18__164.9.1.el5
kernel	eq	2.6.18__8.1.15.el5
kernel	eq	2.6.18__164.10.1.el5
kernel	eq	2.6.18__128.4.1.el5
kernel	eq	2.6.18__53.1.21.el5
kernel	eq	2.6.18__274.3.1.el5
kernel	eq	2.6.18__238.12.1.el5
kernel	eq	2.6.18__92.1.18.el5
kernel	eq	2.6.18__128.7.1.el5
kernel	eq	2.6.18__8.1.8.el5