CVE-2004-1137
CVE-2004-1137
Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial of service or execute arbitrary code via (1) the ip_mc_source function, which decrements a counter to -1, or (2) the igmp_marksources function, which does not properly validate IGMP message parameters and performs an out-of-bounds read.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/686unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930http://isec.pl/vulnerabilities/isec-0018-igmp.txthttp://marc.info/?l=bugtraq&m=110306397320336&w=2https://bugzilla.fedora.us/show_bug.cgi?id=2336https://exchange.xforce.ibmcloud.com/vulnerabilities/18481https://exchange.xforce.ibmcloud.com/vulnerabilities/18482https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11144http://www.mandriva.com/security/advisories?name=MDKSA-2005:022http://www.novell.com/linux/security/advisories/2004_44_kernel.htmlhttp://www.redhat.com/support/errata/RHSA-2005-092.html