Linux Kernel IPV6_Setsockopt IPV6_PKTOPTIONS Integer Overflow Vulnerability

BID:12441

Info

Linux Kernel IPV6_Setsockopt IPV6_PKTOPTIONS Integer Overflow Vulnerability

Bugtraq ID: 12441
Class: Boundary Condition Error
CVE:
Remote: No
Local: Yes
Published: Feb 03 2005 12:00AM
Updated: Feb 03 2005 12:00AM
Credit: Discovery of this vulnerability is credited to qobaiashi <[email protected]>.
Vulnerable: Linux kernel 2.6.10 rc2
Linux kernel 2.6.10
+ Redhat Fedora Core3
 + Redhat Fedora Core2
 + Trustix Secure Linux 3.0
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
 + Ubuntu Ubuntu Linux 5.0 4 i386
 + Ubuntu Ubuntu Linux 5.0 4 amd64
 Linux kernel 2.6.9
Linux kernel 2.6.8 rc3
Linux kernel 2.6.8 rc2
Linux kernel 2.6.8 rc1
+ Ubuntu Ubuntu Linux 4.1 ppc
 + Ubuntu Ubuntu Linux 4.1 ia64
 + Ubuntu Ubuntu Linux 4.1 ia32
 Linux kernel 2.6.8
+ S.u.S.E. Linux Personal 9.2 x86_64
 + S.u.S.E. Linux Personal 9.2
+ Ubuntu Ubuntu Linux 4.1 ppc
 + Ubuntu Ubuntu Linux 4.1 ia64
 + Ubuntu Ubuntu Linux 4.1 ia32
 Linux kernel 2.6.7 rc1
Linux kernel 2.6.7
Linux kernel 2.6.6 rc1
Linux kernel 2.6.6
Linux kernel 2.6.5
+ S.u.S.E. Linux Personal 9.1 x86_64
 + S.u.S.E. Linux Personal 9.1 x86_64
 + S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.1
+ SuSE Linux Enterprise Server 9
 Linux kernel 2.6.4
Linux kernel 2.4.29 -rc2
Linux kernel 2.4.29 -rc1
Linux kernel 2.4.28
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Linux kernel 2.4.27 -pre5
Linux kernel 2.4.27 -pre4
Linux kernel 2.4.27 -pre3
Linux kernel 2.4.27 -pre2
Linux kernel 2.4.27 -pre1
Linux kernel 2.4.27
Linux kernel 2.4.26
Linux kernel 2.4.25
Linux kernel 2.4.24 -ow1
Linux kernel 2.4.24
Linux kernel 2.4.23 -pre9
Linux kernel 2.4.23 -ow2
Linux kernel 2.4.23
+ Trustix Secure Linux 2.0
Linux kernel 2.4.22
+ Devil-Linux Devil-Linux 1.0.5
+ Devil-Linux Devil-Linux 1.0.4
+ Mandriva Linux Mandrake 9.2 amd64
 + Mandriva Linux Mandrake 9.2
+ Redhat Fedora Core1
 + Slackware Linux 9.1
Linux kernel 2.4.21 pre7
Linux kernel 2.4.21 pre4
+ Mandriva Linux Mandrake 9.1 ppc
 + Mandriva Linux Mandrake 9.1
Linux kernel 2.4.21 pre1
Linux kernel 2.4.21
+ Mandriva Linux Mandrake 9.1 ppc
 + Mandriva Linux Mandrake 9.1
+ Redhat Desktop 3.0
+ Redhat Enterprise Linux AS 3
 + Redhat Enterprise Linux ES 3
 + Redhat Enterprise Linux WS 3
 + S.u.S.E. Linux Personal 9.0 x86_64
 + S.u.S.E. Linux Personal 9.0
+ SuSE SUSE Linux Enterprise Server 8
 Linux kernel 2.4.20
+ CRUX CRUX Linux 1.0
+ Gentoo Linux 1.4
+ Gentoo Linux 1.2
+ Redhat Linux 9.0 i386
 + Slackware Linux 9.0
+ WOLK WOLK 4.4 s
Not Vulnerable:

Discussion

Linux Kernel IPV6_Setsockopt IPV6_PKTOPTIONS Integer Overflow Vulnerability

An integer overflow vulnerability is reported in the Linux kernel 'ipv6_setsockopt()' system call. This issue is related to the code for handling the IPV6_PKTOPTIONS socket option, which is used to provide the kernel with IPv6 options for a designation socket.

This issue may be exploited by a local user to compromise the system. Exploitation could also result in a denial of service. It should be noted that this type of vulnerability might provide a generic means of privilege escalation across Linux distributions once a remote attacker has gained unauthorized access as a lower privileged user.

**Update: Conflicting reports suggest that this issue is not in fact a vulnerability. It is reported that the 'optlen' value is sanitized in 'linux/net/socket.c' before reaching the code that is reported vulnerable.

Exploit / POC

Linux Kernel IPV6_Setsockopt IPV6_PKTOPTIONS Integer Overflow Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Solution / Fix

Linux Kernel IPV6_Setsockopt IPV6_PKTOPTIONS Integer Overflow Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

References

Linux Kernel IPV6_Setsockopt IPV6_PKTOPTIONS Integer Overflow Vulnerability

References:
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report