Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.1
CVE Id CVE-2007-6282
Last Modified 21 Aug 2010 01:13:56
Published 07 May 2008 08:20:00
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-6282

Summary

The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service (crash) via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV.

Vulnerable Systems

Operating System

  • Red Hat Enterprise Linux AS 4

  • Red Hat Enterprise Linux Desktop 4

  • Red Hat Enterprise Linux ES 4

  • Red Hat Enterprise Linux WS 4


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=404291

UBUNTU - USN-625-1

REDHAT - RHSA-2008:0585

REDHAT - RHSA-2008:0237

DEBIAN - DSA-1630

SECUNIA - 31628

SECUNIA - 31551

SECUNIA - 31107

SECUNIA - 30962

SECUNIA - 30890

SECUNIA - 30818

SECUNIA - 30112

MLIST - [linux-netdev] 20080222 [Patch] Crash (BUG()) when handling fragmented ESP packets

SUSE - SUSE-SA:2008:032

SUSE - SUSE-SA:2008:031

SUSE - SUSE-SA:2008:030

XF - linux-kernel-esp-dos(42276)

BID - 29081

REDHAT - RHSA-2008:0275

SECUNIA - 30294


Last Updated: 27 May 2016 10:46:26