CVE - CVE-2010-4165

CVE-ID
CVE-2010-4165	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel before 2.6.37-rc2 does not properly restrict TCP_MAXSEG (aka MSS) values, which allows local users to cause a denial of service (OOPS) via a setsockopt call that specifies a small value, leading to a divide-by-zero error or incorrect use of a signed integer.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:42778 URL:http://secunia.com/advisories/42778 MISC:42801 URL:http://secunia.com/advisories/42801 MISC:42932 URL:http://secunia.com/advisories/42932 MISC:44830 URL:http://www.securityfocus.com/bid/44830 MISC:69241 URL:~~http://www.osvdb.org/69241~~ (Obsolete source) MISC:8111 URL:http://securityreason.com/securityalert/8111 MISC:8123 URL:http://securityreason.com/securityalert/8123 MISC:ADV-2011-0012 URL:~~http://www.vupen.com/english/advisories/2011/0012~~ (Obsolete source) MISC:ADV-2011-0124 URL:~~http://www.vupen.com/english/advisories/2011/0124~~ (Obsolete source) MISC:ADV-2011-0298 URL:~~http://www.vupen.com/english/advisories/2011/0298~~ (Obsolete source) MISC:MDVSA-2011:029 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2011:029~~ (Obsolete source) MISC:MDVSA-2011:051 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2011:051~~ (Obsolete source) MISC:SUSE-SA:2011:001 URL:http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html MISC:SUSE-SA:2011:002 URL:http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html MISC:SUSE-SA:2011:004 URL:http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html MISC:SUSE-SA:2011:007 URL:http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html MISC:[netdev] 20101110 Re: possible kernel oops from user MSS URL:http://www.spinics.net/lists/netdev/msg146495.html MISC:[netdev] 20101110 possible kernel oops from user MSS URL:http://www.spinics.net/lists/netdev/msg146405.html MISC:[oss-security] 20101112 CVE request: kernel: possible kernel oops from user MSS URL:http://www.openwall.com/lists/oss-security/2010/11/12/1 MISC:[oss-security] 20101112 Re: CVE request: kernel: possible kernel oops from user MSS URL:http://www.openwall.com/lists/oss-security/2010/11/12/4 MISC:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7a1abd08d52fdeddb3e9a5a33f2f15cc6a5674d2 URL:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7a1abd08d52fdeddb3e9a5a33f2f15cc6a5674d2 MISC:http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2 URL:http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=652508 URL:https://bugzilla.redhat.com/show_bug.cgi?id=652508
Assigning CNA
Red Hat, Inc.
Date Record Created
20101104	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20101104)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)