Summary
This host is running Linux and prone to remote denial of service vulnerability.
Impact
Successful exploitation may allow remote attackers to cause a kernel crash, denying service to legitimate users.
Impact Level: System
Solution
Upgrade to Linux Kernel version 3.0.17, 3.1.9 or 3.2.1 For updates refer to http://www.kernel.org
Insight
The flaw is due to an error in IGMP protocol implementation, which can be exploited to cause a kernel crash via specially crafted IGMP queries.
Affected
Linux Kernels above or equal to 2.6.36
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654876
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27
- http://secunia.com/advisories/47472
- http://womble.decadent.org.uk/blog/igmp-denial-of-service-in-linux-cve-2012-0207.html
- http://www.exploit-db.com/exploits/18378
- http://www.securitytracker.com/id/1026526
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2012-0207 -
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C
Related Vulnerabilities
- Azeotech DAQFactory NETB Datagram Parsing Stack Buffer Overflow Vulnerability
- Google Chrome Multiple Denial of Service Vulnerabilities - January12 (Windows)
- Asterisk PBX NULL Pointer Dereference Overflow
- Apache 'mod_deflate' Denial Of Service Vulnerability - July09
- Easy RM to MP3 Converter Buffer Overflow Vulnerability