CVE-2012-0207
high
CVSS v3
7.5
CVSS v2
7.8
VIR risk
7.5
Description
The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets.
Predictions
Exploit likelihood
83%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: security@debian.org — https://github.com/torvalds/linux/commit/a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27
Vendor advisory: security@debian.org — https://github.com/torvalds/linux/commit/25c413ad0029ea86008234be28aee33456e53e5b
Vendor advisory: security@debian.org — https://bugzilla.redhat.com/show_bug.cgi?id=772867
Vendor advisory: security@debian.org — http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.1
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| linux-kernel | 3.0.17 | affected | |
| rhel | 5.6 | affected | |
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654876
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.1
- http://www.openwall.com/lists/oss-security/2012/01/10/5
- https://bugzilla.redhat.com/show_bug.cgi?id=772867
- https://github.com/torvalds/linux/commit/25c413ad0029ea86008234be28aee33456e53e5b
- https://github.com/torvalds/linux/commit/a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27
CWEs
CWE-369