CVE-2010-4251
Published: 26 May 2011
The socket implementation in net/core/sock.c in the Linux kernel before 2.6.34 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service (memory consumption) by sending a large amount of network traffic, as demonstrated by netperf UDP tests.
From the Ubuntu security team
Alex Shi and Eric Dumazet discovered that the network stack did not correctly handle packet backlogs. A remote attacker could exploit this by sending a large amount of network traffic to cause the system to run out of memory, leading to a denial of service.
Priority
CVSS 3 base score: 7.5
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Ignored
(was deferred [referred to security] now end-of-life)
|
|
lucid |
Released
(2.6.32-34.73)
|
|
maverick |
Not vulnerable
(2.6.35-1.1)
|
|
natty |
Not vulnerable
(2.6.37-2.9)
|
|
oneiric |
Not vulnerable
(2.6.39-0.0)
|
|
precise |
Not vulnerable
(3.1.0-1.1)
|
|
quantal |
Not vulnerable
(2.6.39-0.0)
|
|
raring |
Not vulnerable
(2.6.39-0.0)
|
|
upstream |
Released
(2.6.34~rc2)
|
|
linux-armadaxp Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Not vulnerable
(3.2.0-1600.1)
|
|
quantal |
Not vulnerable
(3.2.0-1602.5)
|
|
raring |
Does not exist
|
|
upstream |
Released
(2.6.34~rc2)
|
|
linux-ec2 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
lucid |
Released
(2.6.32-318.37)
|
|
maverick |
Ignored
(binary supplied by "linux" now)
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
upstream |
Released
(2.6.34~rc2)
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
lucid |
Released
(2.6.31-610.27)
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
upstream |
Released
(2.6.34~rc2)
|
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
lucid |
Not vulnerable
(2.6.35-1.1~lucid1)
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
upstream |
Released
(2.6.34~rc2)
|
|
linux-lts-backport-natty Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Not vulnerable
(2.6.38-1.27~lucid1)
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
upstream |
Released
(2.6.34~rc2)
|
|
linux-lts-backport-oneiric Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Not vulnerable
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
upstream |
Released
(2.6.34~rc2)
|
|
linux-lts-quantal Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Not vulnerable
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
upstream |
Released
(2.6.34~rc2)
|
|
linux-lts-raring Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Not vulnerable
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
upstream |
Released
(2.6.34~rc2)
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
lucid |
Released
(2.6.32-218.35)
|
|
maverick |
Released
(2.6.32-418.35)
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
upstream |
Released
(2.6.34~rc2)
|
|
linux-source-2.6.15 Launchpad, Ubuntu, Debian |
dapper |
Ignored
(reached end-of-life)
|
hardy |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
upstream |
Released
(2.6.34~rc2)
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Not vulnerable
(2.6.35-903.8)
|
|
natty |
Not vulnerable
(2.6.38-1201.2)
|
|
oneiric |
Not vulnerable
(2.6.38-1309.13)
|
|
precise |
Not vulnerable
(3.0.0-1401.2)
|
|
quantal |
Not vulnerable
(2.6.38-1309.13)
|
|
raring |
Not vulnerable
(2.6.38-1309.13)
|
|
upstream |
Released
(2.6.34~rc2)
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4251
- https://ubuntu.com/security/notices/USN-1204-1
- https://ubuntu.com/security/notices/USN-1203-1
- https://ubuntu.com/security/notices/USN-1208-1
- https://ubuntu.com/security/notices/USN-1216-1
- https://ubuntu.com/security/notices/USN-1218-1
- NVD
- Launchpad
- Debian