Vulnerability in the Linux kernel (CVE-2007-5501)
CVSS v2.0 severity:
HIGH
Type:
CWE-399
Resource management errors
Publication date:
15/11/2007
Last modified:
09/04/2025
Description
The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in the Linux kernel versions 2.6.21 through 2.6.23.7 and versions 2.6.24-rc through 2.6.24-rc2 allows remote attackers to cause a denial of service (application crash) via crafted ACK responses that trigger a pointer dereference
Impact
Base score 2.0
7.80
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | To |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:2.6.21:*:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:2.6.21:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:2.6.21:rc2:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:2.6.21:rc3:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:2.6.21:rc4:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:2.6.21:rc5:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:2.6.21:rc6:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:2.6.21:rc7:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:2.6.21.1:*:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:2.6.21.2:*:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:2.6.21.3:*:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:2.6.21.4:*:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:2.6.21.5:*:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:2.6.21.6:*:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:2.6.21.7:*:*:*:*:*:*:* | | |
For the complete list of CPE names with products and versions, see this page
References to solutions, tools and information
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba%3Dcommit%3Bh%3D96a2d41a3e495734b63bff4e5dd0112741b93b38
- http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00002.html
- http://lwn.net/Articles/258947/
- http://secunia.com/advisories/27664
- http://secunia.com/advisories/27703
- http://secunia.com/advisories/27888
- http://secunia.com/advisories/27919
- http://secunia.com/advisories/27922
- http://secunia.com/advisories/28170
- http://secunia.com/advisories/28706
- http://secunia.com/advisories/29245
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.8
- http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.24-rc3
- http://www.mandriva.com/security/advisories?name=MDVSA-2008%3A044
- http://www.novell.com/linux/security/advisories/2007_63_kernel.html
- http://www.securityfocus.com/bid/26474
- http://www.ubuntu.com/usn/usn-558-1
- http://www.ubuntu.com/usn/usn-574-1
- http://www.vupen.com/english/advisories/2007/3902
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38548
- https://issues.rpath.com/browse/RPL-1965
- https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00032.html
- https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00170.html
- https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00302.html



