CVE-2010-4251
Published: 26 May 2011
The socket implementation in net/core/sock.c in the Linux kernel before 2.6.34 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service (memory consumption) by sending a large amount of network traffic, as demonstrated by netperf UDP tests.
From the Ubuntu Security Team
Alex Shi and Eric Dumazet discovered that the network stack did not correctly handle packet backlogs. A remote attacker could exploit this by sending a large amount of network traffic to cause the system to run out of memory, leading to a denial of service.
Priority
Status
Package | Release | Status |
---|---|---|
linux | dapper | Does not exist |
linux | hardy | Ignored (was deferred [referred to security] now end-of-life) |
linux | lucid | Released (2.6.32-34.73) |
linux | maverick | Not vulnerable (2.6.35-1.1) |
linux | natty | Not vulnerable (2.6.37-2.9) |
linux | oneiric | Not vulnerable (2.6.39-0.0) |
linux | precise | Not vulnerable (3.1.0-1.1) |
linux | quantal | Not vulnerable (2.6.39-0.0) |
linux | raring | Not vulnerable (2.6.39-0.0) |
linux | upstream | Released (2.6.34~rc2) |
linux-armadaxp | hardy | Does not exist |
linux-armadaxp | lucid | Does not exist |
linux-armadaxp | natty | Does not exist |
linux-armadaxp | oneiric | Does not exist |
linux-armadaxp | precise | Not vulnerable (3.2.0-1600.1) |
linux-armadaxp | quantal | Not vulnerable (3.2.0-1602.5) |
linux-armadaxp | raring | Does not exist |
linux-armadaxp | upstream | Released (2.6.34~rc2) |
linux-ec2 | dapper | Does not exist |
linux-ec2 | hardy | Does not exist |
linux-ec2 | lucid | Released (2.6.32-318.37) |
linux-ec2 | maverick | Ignored (binary supplied by "linux" now) |
linux-ec2 | natty | Does not exist |
linux-ec2 | oneiric | Does not exist |
linux-ec2 | precise | Does not exist |
linux-ec2 | quantal | Does not exist |
linux-ec2 | raring | Does not exist |
linux-ec2 | upstream | Released (2.6.34~rc2) |
linux-fsl-imx51 | dapper | Does not exist |
linux-fsl-imx51 | hardy | Does not exist |
linux-fsl-imx51 | lucid | Released (2.6.31-610.27) |
linux-fsl-imx51 | maverick | Does not exist |
linux-fsl-imx51 | natty | Does not exist |
linux-fsl-imx51 | oneiric | Does not exist |
linux-fsl-imx51 | precise | Does not exist |
linux-fsl-imx51 | quantal | Does not exist |
linux-fsl-imx51 | raring | Does not exist |
linux-fsl-imx51 | upstream | Released (2.6.34~rc2) |
linux-lts-backport-maverick | dapper | Does not exist |
linux-lts-backport-maverick | hardy | Does not exist |
linux-lts-backport-maverick | lucid | Not vulnerable (2.6.35-1.1~lucid1) |
linux-lts-backport-maverick | maverick | Does not exist |
linux-lts-backport-maverick | natty | Does not exist |
linux-lts-backport-maverick | oneiric | Does not exist |
linux-lts-backport-maverick | precise | Does not exist |
linux-lts-backport-maverick | quantal | Does not exist |
linux-lts-backport-maverick | raring | Does not exist |
linux-lts-backport-maverick | upstream | Released (2.6.34~rc2) |
linux-lts-backport-natty | hardy | Does not exist |
linux-lts-backport-natty | lucid | Not vulnerable (2.6.38-1.27~lucid1) |
linux-lts-backport-natty | maverick | Does not exist |
linux-lts-backport-natty | natty | Does not exist |
linux-lts-backport-natty | oneiric | Does not exist |
linux-lts-backport-natty | precise | Does not exist |
linux-lts-backport-natty | quantal | Does not exist |
linux-lts-backport-natty | raring | Does not exist |
linux-lts-backport-natty | upstream | Released (2.6.34~rc2) |
linux-lts-backport-oneiric | hardy | Does not exist |
linux-lts-backport-oneiric | lucid | Not vulnerable |
linux-lts-backport-oneiric | maverick | Does not exist |
linux-lts-backport-oneiric | natty | Does not exist |
linux-lts-backport-oneiric | oneiric | Does not exist |
linux-lts-backport-oneiric | precise | Does not exist |
linux-lts-backport-oneiric | quantal | Does not exist |
linux-lts-backport-oneiric | raring | Does not exist |
linux-lts-backport-oneiric | upstream | Released (2.6.34~rc2) |
linux-lts-quantal | hardy | Does not exist |
linux-lts-quantal | lucid | Does not exist |
linux-lts-quantal | oneiric | Does not exist |
linux-lts-quantal | precise | Not vulnerable |
linux-lts-quantal | quantal | Does not exist |
linux-lts-quantal | raring | Does not exist |
linux-lts-quantal | upstream | Released (2.6.34~rc2) |
linux-lts-raring | hardy | Does not exist |
linux-lts-raring | lucid | Does not exist |
linux-lts-raring | oneiric | Does not exist |
linux-lts-raring | precise | Not vulnerable |
linux-lts-raring | quantal | Does not exist |
linux-lts-raring | raring | Does not exist |
linux-lts-raring | upstream | Released (2.6.34~rc2) |
linux-mvl-dove | dapper | Does not exist |
linux-mvl-dove | hardy | Does not exist |
linux-mvl-dove | lucid | Released (2.6.32-218.35) |
linux-mvl-dove | maverick | Released (2.6.32-418.35) |
linux-mvl-dove | natty | Does not exist |
linux-mvl-dove | oneiric | Does not exist |
linux-mvl-dove | precise | Does not exist |
linux-mvl-dove | quantal | Does not exist |
linux-mvl-dove | raring | Does not exist |
linux-mvl-dove | upstream | Released (2.6.34~rc2) |
linux-source-2.6.15 | dapper | Ignored (reached end-of-life) |
linux-source-2.6.15 | hardy | Does not exist |
linux-source-2.6.15 | lucid | Does not exist |
linux-source-2.6.15 | maverick | Does not exist |
linux-source-2.6.15 | natty | Does not exist |
linux-source-2.6.15 | oneiric | Does not exist |
linux-source-2.6.15 | precise | Does not exist |
linux-source-2.6.15 | quantal | Does not exist |
linux-source-2.6.15 | raring | Does not exist |
linux-source-2.6.15 | upstream | Released (2.6.34~rc2) |
linux-ti-omap4 | dapper | Does not exist |
linux-ti-omap4 | hardy | Does not exist |
linux-ti-omap4 | lucid | Does not exist |
linux-ti-omap4 | maverick | Not vulnerable (2.6.35-903.8) |
linux-ti-omap4 | natty | Not vulnerable (2.6.38-1201.2) |
linux-ti-omap4 | oneiric | Not vulnerable (2.6.38-1309.13) |
linux-ti-omap4 | precise | Not vulnerable (3.0.0-1401.2) |
linux-ti-omap4 | quantal | Not vulnerable (2.6.38-1309.13) |
linux-ti-omap4 | raring | Not vulnerable (2.6.38-1309.13) |
linux-ti-omap4 | upstream | Released (2.6.34~rc2) |

Patches (linux):
- upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=8eae939f1400326b06d0c9afe53d2a484a326871
- upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=6b03a53a5ab7ccf2d5d69f96cf1c739c4d2a8fb9
- upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=55349790d7cbf0d381873a7ece1dcafcffd4aaa9
- upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=79545b681961d7001c1f4c3eb9ffb87bed4485db
- upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=50b1a782f845140f4138f14a1ce8a4a6dd0cc82f
- upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=53eecb1be5ae499d399d2923933937a9ea1a284f
- upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=2499849ee8f513e795b9f2c19a42d6356e4943a4
- upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=a3a858ff18a72a8d388e31ab0d98f7e944841a62

Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4251
- https://ubuntu.com/security/notices/USN-1204-1
- https://ubuntu.com/security/notices/USN-1203-1
- https://ubuntu.com/security/notices/USN-1208-1
- https://ubuntu.com/security/notices/USN-1216-1
- https://ubuntu.com/security/notices/USN-1218-1
- NVD
- Launchpad
- Debian