CVE - CVE-2007-2172

CVE-ID
CVE-2007-2172	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 causes RTA_MAX to be used as an array size instead of RTN_MAX, which leads to an "out of bound access" by the (1) dn_fib_props (dn_fib.c, DECNet) and (2) fib_props (fib_semantics.c, IPv4) functions.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.21-rc6 CONFIRM:http://www.mail-archive.com/git-commits-head@vger.kernel.org/msg08269.html CONFIRM:http://www.mail-archive.com/git-commits-head@vger.kernel.org/msg08270.html CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.35 DEBIAN:DSA-1356 URL:http://www.debian.org/security/2007/dsa-1356 DEBIAN:DSA-1363 URL:http://www.debian.org/security/2007/dsa-1363 DEBIAN:DSA-1503 URL:http://www.debian.org/security/2008/dsa-1503 DEBIAN:DSA-1504 URL:http://www.debian.org/security/2008/dsa-1504 MANDRIVA:MDKSA-2007:171 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:171 MANDRIVA:MDKSA-2007:196 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:196 MANDRIVA:MDKSA-2007:216 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:216 REDHAT:RHSA-2007:0347 URL:http://www.redhat.com/support/errata/RHSA-2007-0347.html REDHAT:RHSA-2007:0488 URL:http://rhn.redhat.com/errata/RHSA-2007-0488.html REDHAT:RHSA-2007:1049 URL:http://www.redhat.com/support/errata/RHSA-2007-1049.html REDHAT:RHSA-2008:0787 URL:http://www.redhat.com/support/errata/RHSA-2008-0787.html UBUNTU:USN-464-1 URL:http://www.ubuntu.com/usn/usn-464-1 BID:23447 URL:http://www.securityfocus.com/bid/23447 OVAL:oval:org.mitre.oval:def:10764 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10764 VUPEN:ADV-2007-2690 URL:http://www.vupen.com/english/advisories/2007/2690 SECUNIA:25288 URL:http://secunia.com/advisories/25288 SECUNIA:25392 URL:http://secunia.com/advisories/25392 SECUNIA:25838 URL:http://secunia.com/advisories/25838 SECUNIA:26289 URL:http://secunia.com/advisories/26289 SECUNIA:26450 URL:http://secunia.com/advisories/26450 SECUNIA:25068 URL:http://secunia.com/advisories/25068 SECUNIA:26647 URL:http://secunia.com/advisories/26647 SECUNIA:26620 URL:http://secunia.com/advisories/26620 SECUNIA:27913 URL:http://secunia.com/advisories/27913 SECUNIA:29058 URL:http://secunia.com/advisories/29058 SECUNIA:33280 URL:http://secunia.com/advisories/33280 XF:kernel-dnfibprops-fibprops-dos(33979) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/33979
Assigning CNA
N/A
Date Entry Created
20070422	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070422)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures (CVE®) List and the associated references from this website are subject to the terms of use. CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. For more information, please contact us.