Your submission was sent successfully! Close

CVE-2008-2750

Published: 18 June 2008

The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the Linux kernel 2.6 before 2.6.26-rc6 allows remote attackers to cause a denial of service (kernel heap memory corruption and system crash) and possibly have unspecified other impact via a crafted PPPOL2TP packet that results in a large value for a certain length variable.

From the Ubuntu Security Team

The PPP over L2TP routines in the kernel did not correctly handle certain messages. A remote attacker could send a specially crafted packet that could crash the system or execute arbitrary code.

Priority

Medium

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
dapper Does not exist

feisty Does not exist

gutsy Does not exist

hardy
Released (2.6.24-19.36)
upstream
Released (2.6.26~rc6)
linux-source-2.6.15
Launchpad, Ubuntu, Debian
dapper Not vulnerable
(code does not exist)
feisty Does not exist

gutsy Does not exist

hardy Does not exist

upstream Not vulnerable
(code does not exist)
linux-source-2.6.20
Launchpad, Ubuntu, Debian
dapper Does not exist

feisty Not vulnerable
(code does not exist)
gutsy Does not exist

hardy Does not exist

upstream Not vulnerable
(code does not exist)
linux-source-2.6.22
Launchpad, Ubuntu, Debian
dapper Does not exist

feisty Does not exist

gutsy Not vulnerable
(code does not exist)
hardy Does not exist

upstream Not vulnerable
(code does not exist)