CVE - CVE-2008-2136

CVE-ID
CVE-2008-2136	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT) tunnel interface, related to the pskb_may_pull and kfree_skb functions, and management of an skb reference count.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MLIST:[linux-kernel] 20080509 Re: When should kfree_skb be used? URL:http://marc.info/?l=linux-netdev&m=121031533024912&w=2 CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.3 CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.3 CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0169 CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2008-362.htm CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.5 DEBIAN:DSA-1588 URL:http://www.debian.org/security/2008/dsa-1588 FEDORA:FEDORA-2008-3949 URL:https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00294.html MANDRIVA:MDVSA-2008:167 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:167 MANDRIVA:MDVSA-2008:174 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:174 REDHAT:RHSA-2008:0607 URL:http://www.redhat.com/support/errata/RHSA-2008-0607.html REDHAT:RHSA-2008:0612 URL:http://www.redhat.com/support/errata/RHSA-2008-0612.html REDHAT:RHSA-2008:0585 URL:http://www.redhat.com/support/errata/RHSA-2008-0585.html REDHAT:RHSA-2008:0973 URL:http://www.redhat.com/support/errata/RHSA-2008-0973.html REDHAT:RHSA-2008:0787 URL:http://www.redhat.com/support/errata/RHSA-2008-0787.html SUSE:SUSE-SA:2008:030 URL:http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html SUSE:SUSE-SA:2008:032 URL:http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html UBUNTU:USN-625-1 URL:http://www.ubuntu.com/usn/usn-625-1 BID:29235 URL:http://www.securityfocus.com/bid/29235 OVAL:oval:org.mitre.oval:def:11038 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11038 OVAL:oval:org.mitre.oval:def:6503 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6503 SECUNIA:30499 URL:http://secunia.com/advisories/30499 VUPEN:ADV-2008-1543 URL:http://www.vupen.com/english/advisories/2008/1543/references SECTRACK:1020118 URL:http://www.securitytracker.com/id?1020118 SECUNIA:30198 URL:http://secunia.com/advisories/30198 SECUNIA:30241 URL:http://secunia.com/advisories/30241 SECUNIA:30276 URL:http://secunia.com/advisories/30276 SECUNIA:30368 URL:http://secunia.com/advisories/30368 SECUNIA:30818 URL:http://secunia.com/advisories/30818 SECUNIA:30962 URL:http://secunia.com/advisories/30962 SECUNIA:31107 URL:http://secunia.com/advisories/31107 SECUNIA:31198 URL:http://secunia.com/advisories/31198 SECUNIA:31341 URL:http://secunia.com/advisories/31341 SECUNIA:31628 URL:http://secunia.com/advisories/31628 SECUNIA:31689 URL:http://secunia.com/advisories/31689 SECUNIA:33201 URL:http://secunia.com/advisories/33201 SECUNIA:33280 URL:http://secunia.com/advisories/33280 VUPEN:ADV-2008-1716 URL:http://www.vupen.com/english/advisories/2008/1716/references XF:linux-kernel-ipip6rcv-dos(42451) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/42451
Assigning CNA
N/A
Date Entry Created
20080512	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080512)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures (CVE®) List and the associated references from this website are subject to the terms of use. CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. For more information, please contact us.