CVE-2011-1093

Published: 18 July 2011

The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel before 2.6.38 does not properly handle packets for a CLOSED endpoint, which allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending a DCCP-Close packet followed by a DCCP-Reset packet.

From the Ubuntu security team

Johan Hovold discovered that the DCCP network stack did not correctly handle certain packet combinations. A remote attacker could send specially crafted network traffic that would crash the system, leading to a denial of service.

Priority

Medium

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.38~rc8)
Patches:
Introduced by 7c657876b63cb1d8a2ec06f8fc6c37bb8412e66c
Fixed by 720dc34bbbe9493c7bd48b2243058b4e447a929d
linux-ec2
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.38~rc8)
linux-fsl-imx51
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.38~rc8)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.38~rc8)
linux-lts-backport-natty
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.38~rc8)
linux-lts-backport-oneiric
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.38~rc8)
linux-mvl-dove
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.38~rc8)
linux-ti-omap4
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.38~rc8)