CVE

Id
25091  
CVE No.
CVE-2007-1734  
Status
Candidate  
Description
The DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later does not verify the upper bounds of the optlen value, which allows local users running on certain architectures to read kernel memory or cause a denial of service (oops), a related issue to CVE-2007-1730.  
Phase
Assigned (20070328)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
249690 25091 CVE-2007-1734 BUGTRAQ:20070327 Re: [Full-disclosure] Linux Kernel DCCP Memory Disclosure Vulnerability  View
249691 25091 CVE-2007-1734 URL:http://www.securityfocus.com/archive/1/archive/1/463969/100/0/threaded  View
249692 25091 CVE-2007-1734 SECTRACK:1017820  View
249693 25091 CVE-2007-1734 URL:http://www.securitytracker.com/id?1017820  View
249694 25091 CVE-2007-1734 SREASON:2511  View
249695 25091 CVE-2007-1734 URL:http://securityreason.com/securityalert/2511  View
249696 25091 CVE-2007-1734 XF:kernel-dccp-information-disclosure(33274)  View
249697 25091 CVE-2007-1734 URL:http://xforce.iss.net/xforce/xfdb/33274  View
249698 25091 CVE-2007-1734 XF:linux-kernel-dccp-info-disclosure(43321)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
54912 JVNDB-2007-003604 Mozilla Firefox におけるフィッシングの保護を回避される脆弱性 Mozilla Firefox は、フィッシングサイトのブラックリストに対して (1) オブジェクトまたは (2) iframe HTML タグに組み込まれた URL をチェックしないため、フィッシングの保護を回避される脆弱性が存在します。 CVE-2007-1736 25091 7.5 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-003604.html  View