Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2011-0709

Published: 18 February 2011

The br_mdb_ip_get function in net/bridge/br_multicast.c in the Linux kernel before 2.6.35-rc5 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an IGMP packet, related to lack of a multicast table.

From the Ubuntu Security Team

Frank Arnold discovered that the IGMP protocol did not correctly parse certain packets. A remote attacker could send specially crafted traffic to crash the system, leading to a denial of service.

Notes

AuthorNote
sbeattie
occurred between 2.6.35-rc1 and 2.6.35-rc5, see
http://openwall.com/lists/oss-security/2011/02/16/1

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Not vulnerable

jaunty Not vulnerable

karmic Not vulnerable

lucid Not vulnerable

maverick
Released (2.6.35-8.13)
natty Not vulnerable
(2.6.37-2.9)
upstream
Released (2.6.35~rc5)
Patches:
upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7f285fa78d4b81b8458f05e77fb6b46245121b4e
linux-ec2
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic Not vulnerable

lucid Not vulnerable

maverick Ignored
(binary supplied by "linux" now)
natty Does not exist

upstream
Released (2.6.35~rc5)
linux-fsl-imx51
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic Not vulnerable

lucid Not vulnerable

maverick Does not exist

natty Does not exist

upstream
Released (2.6.35~rc5)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic Does not exist

lucid
Released (2.6.35-8.13~lucid1)
maverick Does not exist

natty Does not exist

upstream
Released (2.6.35~rc5)
linux-lts-backport-natty
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Not vulnerable
(2.6.38-1.27~lucid1)
maverick Does not exist

natty Does not exist

upstream
Released (2.6.35~rc5)
linux-mvl-dove
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic Ignored
(abandonded branch)
lucid Not vulnerable

maverick Not vulnerable

natty Does not exist

upstream
Released (2.6.35~rc5)
linux-source-2.6.15
Launchpad, Ubuntu, Debian
dapper Not vulnerable

hardy Does not exist

karmic Does not exist

lucid Does not exist

maverick Does not exist

natty Does not exist

upstream
Released (2.6.35~rc5)
linux-ti-omap4
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic Does not exist

lucid Does not exist

maverick Not vulnerable
(2.6.35-903.8)
natty Not vulnerable
(2.6.38-1201.2)
upstream
Released (2.6.35~rc5)