CVE-2011-1093

Current Description

The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel before 2.6.38 does not properly handle packets for a CLOSED endpoint, which allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending a DCCP-Close packet followed by a DCCP-Reset packet.

Basic Data

PublishedJuly 18, 2011
Last ModifiedJuly 31, 2020
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-476
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score7.8
SeverityHIGH
Exploitability Score10.0
Impact Score6.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSLinuxLinux Kernel********2.6.38
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSRedhatEnterprise Linux Aus5.6*******
    2.3OSRedhatEnterprise Linux Desktop5.0*******
    2.3OSRedhatEnterprise Linux Eus5.6*******
    2.3OSRedhatEnterprise Linux Server5.0*******
    2.3OSRedhatEnterprise Linux Workstation5.0*******

Vulnerable Software List

VendorProductVersions
Redhat Enterprise Linux Workstation 5.0
Redhat Enterprise Linux Eus 5.6
Redhat Enterprise Linux Desktop 5.0
Redhat Enterprise Linux Aus 5.6
Redhat Enterprise Linux Server 5.0
Linux Linux Kernel *

References

NameSourceURLTags
http://downloads.avaya.com/css/P8/documents/100145416http://downloads.avaya.com/css/P8/documents/100145416CONFIRMThird Party Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=720dc34bbbe9493c7bd48b2243058b4e447a929dhttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=720dc34bbbe9493c7bd48b22CONFIRMPatch Vendor Advisory
[oss-security] 20110308 Re: CVE request: kernel: dccp: fix oops on Reset after closehttp://openwall.com/lists/oss-security/2011/03/08/19MLISTMailing List Patch Third Party Advisory
[oss-security] 20110308 CVE request: kernel: dccp: fix oops on Reset after closehttp://openwall.com/lists/oss-security/2011/03/08/4MLISTMailing List Patch Third Party Advisory
RHSA-2011:0833http://rhn.redhat.com/errata/RHSA-2011-0833.htmlREDHATThird Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38CONFIRMBroken Link
46793http://www.securityfocus.com/bid/46793BIDThird Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=682954https://bugzilla.redhat.com/show_bug.cgi?id=682954CONFIRMIssue Tracking Patch Third Party Advisory