Linux kernel tcp_v6_syn_recv_soc() function denial of service

kernel-tcpv6synrecvsoc-dos (33176) The risk level is classified as LowLow Risk

Description:

Linux kernel is vulnerable to a denial of service, caused by a vulnerability in the tcp_v6_syn_recv_soc() function. The ipv6_fl_socklist is shared with a child socket, which could allow the manipulation of listening TCP sockets. A local attacker could exploit this vulnerability to crash the affected system.

Platforms Affected:

  • Avaya, Communication Manager 3.0
  • Avaya, Converged Communications Server 2.0
  • Avaya, Converged Communications Server 2.0.1
  • Avaya, Converged Communications Server 2.1
  • Avaya, Converged Communications Server 3.0
  • Avaya, Converged Communications Server 3.1
  • Avaya, Expanded Meet-Me Conferencing 1.017
  • Avaya, SIP Enablement Services 2.0
  • Avaya, SIP Enablement Services 2.0.1
  • Avaya, SIP Enablement Services 2.1
  • Avaya, SIP Enablement Services 3.0
  • Avaya, SIP Enablement Services 3.1
  • Canonical, Ubuntu 6.06 LTS
  • Canonical, Ubuntu 6.10
  • Canonical, Ubuntu 7.04
  • Debian, Debian Linux 3.1
  • Debian, Debian Linux 4.0
  • Linux, Kernel 2.6.0
  • Linux, Kernel 2.6.0 test9
  • Linux, Kernel 2.6.0 test8
  • Linux, Kernel 2.6.0 test7
  • Linux, Kernel 2.6.0 test6
  • Linux, Kernel 2.6.0 test5
  • Linux, Kernel 2.6.0 test4
  • Linux, Kernel 2.6.0 test3
  • Linux, Kernel 2.6.0 test2
  • Linux, Kernel 2.6.0 test11
  • Linux, Kernel 2.6.0 test10
  • Linux, Kernel 2.6.0 test1
  • Linux, Kernel 2.6.1
  • Linux, Kernel 2.6.1 rc3
  • Linux, Kernel 2.6.1 rc2
  • Linux, Kernel 2.6.1 rc1
  • Linux, Kernel 2.6.10
  • Linux, Kernel 2.6.10 rc1
  • Linux, Kernel 2.6.10 rc2
  • Linux, Kernel 2.6.10 rc3
  • Linux, Kernel 2.6.11 rc1
  • Linux, Kernel 2.6.11
  • Linux, Kernel 2.6.11 rc5
  • Linux, Kernel 2.6.11 rc4
  • Linux, Kernel 2.6.11 rc3
  • Linux, Kernel 2.6.11 rc2
  • Linux, Kernel 2.6.11.1
  • Linux, Kernel 2.6.11.10
  • Linux, Kernel 2.6.11.11
  • Linux, Kernel 2.6.11.12
  • Linux, Kernel 2.6.11.2
  • Linux, Kernel 2.6.11.3
  • Linux, Kernel 2.6.11.4
  • Linux, Kernel 2.6.11.5
  • Linux, Kernel 2.6.11.6
  • Linux, Kernel 2.6.11.7
  • Linux, Kernel 2.6.11.8
  • Linux, Kernel 2.6.11.9
  • Linux, Kernel 2.6.12 rc6
  • Linux, Kernel 2.6.12 rc5
  • Linux, Kernel 2.6.12 rc4
  • Linux, Kernel 2.6.12 rc3
  • Linux, Kernel 2.6.12 rc2
  • Linux, Kernel 2.6.12 rc1
  • Linux, Kernel 2.6.12
  • Linux, Kernel 2.6.12.1
  • Linux, Kernel 2.6.12.12
  • Linux, Kernel 2.6.12.2
  • Linux, Kernel 2.6.12.22
  • Linux, Kernel 2.6.12.3
  • Linux, Kernel 2.6.12.4
  • Linux, Kernel 2.6.12.5
  • Linux, Kernel 2.6.12.6
  • Linux, Kernel 2.6.13 rc7
  • Linux, Kernel 2.6.13 rc6
  • Linux, Kernel 2.6.13 rc5
  • Linux, Kernel 2.6.13 rc4
  • Linux, Kernel 2.6.13 rc3
  • Linux, Kernel 2.6.13 rc2
  • Linux, Kernel 2.6.13 rc1
  • Linux, Kernel 2.6.13
  • Linux, Kernel 2.6.13.1
  • Linux, Kernel 2.6.13.2
  • Linux, Kernel 2.6.13.3
  • Linux, Kernel 2.6.13.4
  • Linux, Kernel 2.6.13.5
  • Linux, Kernel 2.6.14 rc2
  • Linux, Kernel 2.6.14 rc5
  • Linux, Kernel 2.6.14 rc4
  • Linux, Kernel 2.6.14 rc3
  • Linux, Kernel 2.6.14 rc1
  • Linux, Kernel 2.6.14
  • Linux, Kernel 2.6.14.1
  • Linux, Kernel 2.6.14.2
  • Linux, Kernel 2.6.14.3
  • Linux, Kernel 2.6.14.4
  • Linux, Kernel 2.6.14.5
  • Linux, Kernel 2.6.14.6
  • Linux, Kernel 2.6.14.7
  • Linux, Kernel 2.6.15 rc7
  • Linux, Kernel 2.6.15 rc6
  • Linux, Kernel 2.6.15
  • Linux, Kernel 2.6.15 rc2
  • Linux, Kernel 2.6.15 rc1
  • Linux, Kernel 2.6.15 rc3
  • Linux, Kernel 2.6.15 rc4
  • Linux, Kernel 2.6.15 rc5
  • Linux, Kernel 2.6.15.1
  • Linux, Kernel 2.6.15.11
  • Linux, Kernel 2.6.15.2
  • Linux, Kernel 2.6.15.3
  • Linux, Kernel 2.6.15.4
  • Linux, Kernel 2.6.15.5
  • Linux, Kernel 2.6.15.6
  • Linux, Kernel 2.6.15.7
  • Linux, Kernel 2.6.16 rc6
  • Linux, Kernel 2.6.16
  • Linux, Kernel 2.6.16 rc7
  • Linux, Kernel 2.6.16 rc3
  • Linux, Kernel 2.6.16 rc5
  • Linux, Kernel 2.6.16 rc4
  • Linux, Kernel 2.6.16.1
  • Linux, Kernel 2.6.16.10
  • Linux, Kernel 2.6.16.11
  • Linux, Kernel 2.6.16.12
  • Linux, Kernel 2.6.16.13
  • Linux, Kernel 2.6.16.14
  • Linux, Kernel 2.6.16.15
  • Linux, Kernel 2.6.16.16
  • Linux, Kernel 2.6.16.17
  • Linux, Kernel 2.6.16.18
  • Linux, Kernel 2.6.16.19
  • Linux, Kernel 2.6.16.2
  • Linux, Kernel 2.6.16.20
  • Linux, Kernel 2.6.16.21
  • Linux, Kernel 2.6.16.22
  • Linux, Kernel 2.6.16.23
  • Linux, Kernel 2.6.16.24
  • Linux, Kernel 2.6.16.25
  • Linux, Kernel 2.6.16.26
  • Linux, Kernel 2.6.16.27
  • Linux, Kernel 2.6.16.28
  • Linux, Kernel 2.6.16.29
  • Linux, Kernel 2.6.16.3
  • Linux, Kernel 2.6.16.30
  • Linux, Kernel 2.6.16.31
  • Linux, Kernel 2.6.16.32
  • Linux, Kernel 2.6.16.33
  • Linux, Kernel 2.6.16.34
  • Linux, Kernel 2.6.16.35
  • Linux, Kernel 2.6.16.36
  • Linux, Kernel 2.6.16.37
  • Linux, Kernel 2.6.16.38
  • Linux, Kernel 2.6.16.39
  • Linux, Kernel 2.6.16.4
  • Linux, Kernel 2.6.16.40
  • Linux, Kernel 2.6.16.41
  • Linux, Kernel 2.6.16.43
  • Linux, Kernel 2.6.16.44
  • Linux, Kernel 2.6.16.45
  • Linux, Kernel 2.6.16.46
  • Linux, Kernel 2.6.16.47
  • Linux, Kernel 2.6.16.48
  • Linux, Kernel 2.6.16.49
  • Linux, Kernel 2.6.16.5
  • Linux, Kernel 2.6.16.50
  • Linux, Kernel 2.6.16.51
  • Linux, Kernel 2.6.16.52
  • Linux, Kernel 2.6.16.53
  • Linux, Kernel 2.6.16.6
  • Linux, Kernel 2.6.16.7
  • Linux, Kernel 2.6.16.8
  • Linux, Kernel 2.6.16.9
  • Linux, Kernel 2.6.17 rc5
  • Linux, Kernel 2.6.17 rc4
  • Linux, Kernel 2.6.17 rc3
  • Linux, Kernel 2.6.17 rc2
  • Linux, Kernel 2.6.17
  • Linux, Kernel 2.6.17 rc6
  • Linux, Kernel 2.6.17 rc1
  • Linux, Kernel 2.6.17.1
  • Linux, Kernel 2.6.17.10
  • Linux, Kernel 2.6.17.11
  • Linux, Kernel 2.6.17.12
  • Linux, Kernel 2.6.17.13
  • Linux, Kernel 2.6.17.14
  • Linux, Kernel 2.6.17.2
  • Linux, Kernel 2.6.17.3
  • Linux, Kernel 2.6.17.4
  • Linux, Kernel 2.6.17.5
  • Linux, Kernel 2.6.17.6
  • Linux, Kernel 2.6.17.7
  • Linux, Kernel 2.6.17.8
  • Linux, Kernel 2.6.17.9
  • Linux, Kernel 2.6.18 rc5
  • Linux, Kernel 2.6.18 rc3
  • Linux, Kernel 2.6.18 rc4
  • Linux, Kernel 2.6.18 rc6
  • Linux, Kernel 2.6.18 rc7
  • Linux, Kernel 2.6.18
  • Linux, Kernel 2.6.18 rc1
  • Linux, Kernel 2.6.18 rc2
  • Linux, Kernel 2.6.18.1
  • Linux, Kernel 2.6.18.10
  • Linux, Kernel 2.6.18.11
  • Linux, Kernel 2.6.18.12
  • Linux, Kernel 2.6.18.13
  • Linux, Kernel 2.6.18.14
  • Linux, Kernel 2.6.18.15
  • Linux, Kernel 2.6.18.16
  • Linux, Kernel 2.6.18.17
  • Linux, Kernel 2.6.18.18
  • Linux, Kernel 2.6.18.19
  • Linux, Kernel 2.6.18.2
  • Linux, Kernel 2.6.18.20
  • Linux, Kernel 2.6.18.21
  • Linux, Kernel 2.6.18.22
  • Linux, Kernel 2.6.18.23
  • Linux, Kernel 2.6.18.24
  • Linux, Kernel 2.6.18.25
  • Linux, Kernel 2.6.18.26
  • Linux, Kernel 2.6.18.27
  • Linux, Kernel 2.6.18.28
  • Linux, Kernel 2.6.18.29
  • Linux, Kernel 2.6.18.3
  • Linux, Kernel 2.6.18.30
  • Linux, Kernel 2.6.18.31
  • Linux, Kernel 2.6.18.32
  • Linux, Kernel 2.6.18.33
  • Linux, Kernel 2.6.18.34
  • Linux, Kernel 2.6.18.35
  • Linux, Kernel 2.6.18.36
  • Linux, Kernel 2.6.18.37
  • Linux, Kernel 2.6.18.38
  • Linux, Kernel 2.6.18.39
  • Linux, Kernel 2.6.18.4
  • Linux, Kernel 2.6.18.40
  • Linux, Kernel 2.6.18.41
  • Linux, Kernel 2.6.18.42
  • Linux, Kernel 2.6.18.43
  • Linux, Kernel 2.6.18.44
  • Linux, Kernel 2.6.18.45
  • Linux, Kernel 2.6.18.46
  • Linux, Kernel 2.6.18.47
  • Linux, Kernel 2.6.18.48
  • Linux, Kernel 2.6.18.49
  • Linux, Kernel 2.6.18.5
  • Linux, Kernel 2.6.18.50
  • Linux, Kernel 2.6.18.51
  • Linux, Kernel 2.6.18.52
  • Linux, Kernel 2.6.18.53
  • Linux, Kernel 2.6.18.6
  • Linux, Kernel 2.6.18.7
  • Linux, Kernel 2.6.18.8
  • Linux, Kernel 2.6.18.9
  • Linux, Kernel 2.6.19 rc2
  • Linux, Kernel 2.6.19 rc4
  • Linux, Kernel 2.6.19 rc3
  • Linux, Kernel 2.6.19 rc1
  • Linux, Kernel 2.6.19.0
  • Linux, Kernel 2.6.19.1
  • Linux, Kernel 2.6.19.2
  • Linux, Kernel 2.6.19.3
  • Linux, Kernel 2.6.19.4
  • Linux, Kernel 2.6.2
  • Linux, Kernel 2.6.2 rc3
  • Linux, Kernel 2.6.2 rc2
  • Linux, Kernel 2.6.2 rc1
  • Linux, Kernel 2.6.20
  • Linux, Kernel 2.6.20 rc2
  • Linux, Kernel 2.6.20.1
  • Linux, Kernel 2.6.20.10
  • Linux, Kernel 2.6.20.11
  • Linux, Kernel 2.6.20.12
  • Linux, Kernel 2.6.20.13
  • Linux, Kernel 2.6.20.14
  • Linux, Kernel 2.6.20.15
  • Linux, Kernel 2.6.20.2
  • Linux, Kernel 2.6.20.3
  • Linux, Kernel 2.6.20.4
  • Linux, Kernel 2.6.20.5
  • Linux, Kernel 2.6.20.6
  • Linux, Kernel 2.6.20.7
  • Linux, Kernel 2.6.20.8
  • Linux, Kernel 2.6.20.9
  • Linux, Kernel 2.6.21 rc3
  • Linux, Kernel 2.6.21 git1
  • Linux, Kernel 2.6.21 git2
  • Linux, Kernel 2.6.21 git5
  • Linux, Kernel 2.6.21 git6
  • Linux, Kernel 2.6.21 git7
  • Linux, Kernel 2.6.21 git3
  • Linux, Kernel 2.6.21 git4
  • Linux, Kernel 2.6.3 rc1
  • Linux, Kernel 2.6.3
  • Linux, Kernel 2.6.3 rc2
  • Linux, Kernel 2.6.3 rc3
  • Linux, Kernel 2.6.3 rc4
  • Linux, Kernel 2.6.4
  • Linux, Kernel 2.6.4 rc2
  • Linux, Kernel 2.6.4 rc1
  • Linux, Kernel 2.6.4 rc3
  • Linux, Kernel 2.6.5 rc2
  • Linux, Kernel 2.6.5 rc1
  • Linux, Kernel 2.6.5
  • Linux, Kernel 2.6.5 rc3
  • Linux, Kernel 2.6.6 rc1
  • Linux, Kernel 2.6.6
  • Linux, Kernel 2.6.6 rc2
  • Linux, Kernel 2.6.6 rc3
  • Linux, Kernel 2.6.7
  • Linux, Kernel 2.6.7 rc3
  • Linux, Kernel 2.6.7 rc1
  • Linux, Kernel 2.6.7 rc2
  • Linux, Kernel 2.6.8 rc1
  • Linux, Kernel 2.6.8 rc3
  • Linux, Kernel 2.6.8 rc4
  • Linux, Kernel 2.6.8 rc2
  • Linux, Kernel 2.6.8
  • Linux, Kernel 2.6.8.1
  • Linux, Kernel 2.6.9 rc1
  • Linux, Kernel 2.6.9
  • Linux, Kernel 2.6.9 rc2
  • Linux, Kernel 2.6.9 rc3
  • Linux, Kernel 2.6.9 rc4
  • MandrakeSoft, Mandrake Linux 2007 X86_64
  • MandrakeSoft, Mandrake Linux 2007
  • Novell, Linux Desktop 9
  • Novell, Linux POS 9
  • Novell, Open Enterprise Server
  • Novell, Open Enterprise Server
  • Novell, OpenSUSE 10.2
  • RedHat, Enterprise Linux 2.1 ES
  • RedHat, Enterprise Linux 2.1 AS
  • RedHat, Enterprise Linux 2.1 WS
  • RedHat, Enterprise Linux 3 ES
  • RedHat, Enterprise Linux 3 WS
  • RedHat, Enterprise Linux 3 AS
  • RedHat, Enterprise Linux 3 Desktop
  • RedHat, Enterprise Linux 5
  • RedHat, Enterprise Linux 5 Client Workstation
  • RedHat, Enterprise Linux 5 Client
  • RedHat, Enterprise Linux Desktop 5.0
  • RedHat, Linux Advanced Workstation 2.1 Itanium
  • SuSE, SuSE CORE 9
  • SuSE, SuSE Linux 10.0
  • SuSE, SuSE Linux 10.1
  • SuSE, SuSE Linux 9.3
  • SuSE, SuSE SLED 10
  • SuSE, SuSE SLES 9

Remedy:

Refer to Red Hat Bugzilla Bug 233478 for patch information. See References.

Apply the patch for Linux 2.6.x available from linux-netdev Mailing List, 2007-03-16 17:45:42. See References.

For Mandriva Linux (kernel):
Refer to MDKSA-2007:078 for patch, upgrade, or suggested workaround information. See References.

For Debian Linux (kernel):
Refer to DSA-1286-1 for patch, upgrade, or suggested workaround information. See References.

For Debian Linux (kernel 2.6.8):
Refer to DSA-1304-1 for patch, upgrade, or suggested workaround information. See References.

For SUSE Linux (kernel):
Refer to SUSE-SA:2007:030 for patch, upgrade, or suggested workaround information. See References.

For SUSE Linux (kernel):
Refer to SUSE-SA:2007:035 for patch, upgrade, or suggested workaround information. See References.

For Ubuntu Linux (linux-source):
Refer to USN-464-1 for patch, upgrade, or suggested workaround information. See References.

For Red Hat Linux (kernel):
Refer to RHSA-2007:0347 for patch, upgrade, or suggested workaround information. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

Consequences:

Denial of Service

References:

  • linux-netdev Mailing List, 2007-03-16 17:45:42, [PATCH 2.6.21-rc3] IPV6: ipv6_fl_socklist is inadvertently shared. at http://marc.info/?l=linux-netdev&m=117406721731891&w=2.
  • Red Hat Bugzilla Bug 233478, CVE-2007-1592 IPv6 oops triggerable by any user at http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=233478.
  • The Linux Kernel Archives Web site, The Linux Kernel Archives at http://kernel.org/.
  • ASA-2007-372: Updated kernel packages for Red Hat Enterprise Linux 3 Update 9 (RHSA-2007-0436)
  • ASA-2007-404: kernel security update (RHSA-2007-0672)
  • ASA-2007-406: kernel security update (RHSA-2007-0673)
  • BID-23104: Linux Kernel IPv6 TCP Sockets Local Denial of Service Vulnerability
  • CVE-2007-1592: net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 inadvertently copies the ipv6_fl_socklist from a listening TCP socket to child sockets, which allows local users to cause a denial of service (OOPS) or double free by opening a listening IPv6 socket, attaching a flow label, and connecting to that socket.
  • DSA-1286: linux-2.6 -- several vulnerabilities
  • DSA-1304: kernel-source-2.6.8 -- several vulnerabilities
  • DSA-1503: kernel-source-2.4.27 -- several vulnerabilities
  • FrSIRT/ADV-2007-1084: Linux Kernel tcp_v6_syn_recv_soc() IPv6 Sockets Local Denial of Service Vulnerability
  • MDKSA-2007:078: Updated kernel packages fix multiple vulnerabilities and bugs
  • RHSA-2007-0347: Important: kernel security and bug fix update
  • RHSA-2007-0436: Important: Updated kernel packages for Red Hat Enterprise Linux 3 Update 9
  • RHSA-2007-0672: Important: kernel security update
  • RHSA-2007-0673: Important: kernel security update
  • SA24618: Linux Kernel Multiple Denial of Service Vulnerabilities
  • SA27528: Avaya Products Linux Kernel Multiple Vulnerabilities
  • SUSE-SA:2007:030: Linux kernel security update
  • SUSE-SA:2007:035: Linux kernel security update
  • SUSE-SA:2007:043: Linux kernel update
  • USN-464-1: Linux kernel vulnerabilities

Reported:

Mar 22, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page