CVE-2010-4165
The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel before 2.6.37-rc2 does not properly restrict TCP_MAXSEG (aka MSS) values, which allows local users to cause a denial of service (OOPS) via a setsockopt call that specifies a small value, leading to a divide-by-zero error or incorrect use of a signed integer.
Affected products
n/a · n/a
Public PoCs found: 2
exploitdb · www.exploit-db.com/exploits/16263 · unverified
exploitdb · www.exploit-db.com/exploits/16952 · unverified
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7a1abd08d52fdeddb3e9a5a33f2f15cc6a5674d2
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
https://bugzilla.redhat.com/show_bug.cgi?id=652508
http://secunia.com/advisories/42778
http://secunia.com/advisories/42801
http://secunia.com/advisories/42932
http://securityreason.com/securityalert/8111
http://securityreason.com/securityalert/8123
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2