CVE-2010-4165
Linux Kernel < 2.6.37-rc2 - 'TCP_MAXSEG' Kernel Panic (Denial of Service)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
6Exploited in Wild
-Decision
Descriptions
The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel before 2.6.37-rc2 does not properly restrict TCP_MAXSEG (aka MSS) values, which allows local users to cause a denial of service (OOPS) via a setsockopt call that specifies a small value, leading to a divide-by-zero error or incorrect use of a signed integer.
La función do_tcp_setsockopt de net/ipv4/tcp.c en el kernel de Linux anterior a 2.6.37-rc2 no restringe adecuadamente los valores TCP_MAXSEG (también conocidos como MSS), esto permite a usuarios locales provocar una denegación de servicio (OOPS) mediante una llamada setsockopt que especifica un valor pequeño, lo que conduce a un error de división entre cero o un uso incorrecto de un entero asignado.
Multiple vulnerabilities have been discovered and fixed in the Linux 2.6 kernel. The X.25 implementation does not properly parse facilities, which allows remote attackers to cause a denial of service (heap memory corruption and panic) or possibly have unspecified other impact via malformed data, a different vulnerability than CVE-2010-4164. The bcm_connect function Broadcast Manager in the Controller Area Network implementation in the Linux creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensitive information about kernel memory use by listing this filename. The install_special_mapping function in mm/mmap.c does not make an expected security_file_mmap function call, which allows local users to bypass intended mmap_min_addr restrictions and possibly conduct NULL pointer dereference attacks via a crafted assembly-language application. Various other issues have also been addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-11-04 CVE Reserved
- 2010-11-20 CVE Published
- 2011-03-01 First Exploit
- 2024-08-07 CVE Updated
- 2025-04-01 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-369: Divide By Zero
CAPEC
References (28)
| URL | Tag | Source |
|---|---|---|
| http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7a1abd08d52fdeddb3e9a5a33f2f15cc6a5674d2 | X_refsource_confirm | |
| http://secunia.com/advisories/42778 | Third Party Advisory | |
| http://secunia.com/advisories/42801 | Third Party Advisory | |
| http://secunia.com/advisories/42932 | Third Party Advisory | |
| http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2 | Broken Link | |
| http://www.osvdb.org/69241 | Broken Link | |
| http://www.securityfocus.com/bid/44830 | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2011/0012 | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2011/0124 | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2011/0298 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/98797 | 2011-03-01 | |
| https://packetstorm.news/files/id/99147 | 2011-03-10 | |
| https://www.exploit-db.com/exploits/16952 | 2017-10-04 | |
| https://www.exploit-db.com/exploits/16263 | 2011-03-03 | |
| http://securityreason.com/securityalert/8111 | 2024-08-07 | |
| http://securityreason.com/securityalert/8123 | 2024-08-07 |
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2010/11/12/1 | 2023-02-13 | |
| http://www.openwall.com/lists/oss-security/2010/11/12/4 | 2023-02-13 | |
| http://www.spinics.net/lists/netdev/msg146405.html | 2023-02-13 | |
| http://www.spinics.net/lists/netdev/msg146495.html | 2023-02-13 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=652508 | 2011-03-10 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 2.6.37 Search vendor "Linux" for product "Linux Kernel" and version " < 2.6.37" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 2.6.37 Search vendor "Linux" for product "Linux Kernel" and version "2.6.37" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 2.6.37 Search vendor "Linux" for product "Linux Kernel" and version "2.6.37" | rc1 |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 11.2 Search vendor "Opensuse" for product "Opensuse" and version "11.2" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 11.3 Search vendor "Opensuse" for product "Opensuse" and version "11.3" | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Linux Enterprise Desktop Search vendor "Suse" for product "Linux Enterprise Desktop" | 11 Search vendor "Suse" for product "Linux Enterprise Desktop" and version "11" | sp1 |
Affected
| ||||||
| Suse Search vendor "Suse" | Linux Enterprise Real Time Extension Search vendor "Suse" for product "Linux Enterprise Real Time Extension" | 11 Search vendor "Suse" for product "Linux Enterprise Real Time Extension" and version "11" | sp1 |
Affected
| ||||||
| Suse Search vendor "Suse" | Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server" | 11 Search vendor "Suse" for product "Linux Enterprise Server" and version "11" | sp1 |
Affected
| ||||||