Linux Kernel IPV6 UFO Packet Processing Denial of Service Vulnerability
Release date:
Updated on:
Affected Systems:
Linux kernel 3.4.x
Linux kernel 3.2.x
Linux kernel 3.11.x
Linux kernel 3.10.x
Linux kernel 3.0.x
Linux kernel 2.6.x
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2013-4387
Linux is the kernel of a free, Unix-like operating system. It is written in C and complies with POSIX standards.
Linux Kernel 2.6.32.61, 2.6.34.14, 3.0.98, 3.2.51, 3.4.64, 3.10.14, and 3.11.3 have an error in the "Kernel ()", "ip6_opt_dup ()" functions (net/ipv6/ip6_output.c) that can be exploited to cause memory corruption. Successful exploitation requires that the kernel supports the IPv6 protocol (CONFIG_IPV6) and that the UFO (UDP Fragmentation Offload) feature of the Ethernet driver is enabled.
<* Source: Dmitry Vyukov
Link: http://secunia.com/advisories/54767/
*>
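The two preconditions named in the description (CONFIG_IPV6 and UFO enabled on the Ethernet driver) can be checked per host. The script below is an added example, not part of the original advisory or of any vendor tooling; the function names and sample inputs are constructed, and it assumes the kernel config text and the output of `ethtool -k <interface>` are passed in as strings.

```shell
#!/bin/sh
# Added example: tests the two exposure preconditions the advisory lists
# for CVE-2013-4387. Inputs are plain text so saved output can be audited.

# ipv6_supported CONFIG_TEXT
# Succeeds if CONFIG_IPV6 is built in (=y) or built as a module (=m).
ipv6_supported() {
    printf '%s\n' "$1" | grep -Eq '^CONFIG_IPV6=(y|m)$'
}

# ufo_enabled ETHTOOL_TEXT
# Succeeds if "ethtool -k" output reports udp-fragmentation-offload as on.
ufo_enabled() {
    printf '%s\n' "$1" |
        grep -Eq '^[[:space:]]*udp-fragmentation-offload:[[:space:]]*on([[:space:]]|$)'
}

# check_preconditions CONFIG_TEXT ETHTOOL_TEXT
# Prints a one-line verdict; both conditions must hold for "met".
check_preconditions() {
    if ! ipv6_supported "$1"; then
        echo "not-met: kernel built without CONFIG_IPV6"
    elif ! ufo_enabled "$2"; then
        echo "not-met: UFO is off on this interface"
    else
        echo "met: CONFIG_IPV6 present and UFO on"
    fi
}

# Constructed sample inputs (not taken from a real host).
SAMPLE_CONFIG='CONFIG_NET=y
# CONFIG_IPV6_EXAMPLE is not set
CONFIG_IPV6=m'
SAMPLE_ETHTOOL='Features for eth0:
rx-checksumming: on
scatter-gather: on
udp-fragmentation-offload: on
generic-segmentation-offload: on'

check_preconditions "$SAMPLE_CONFIG" "$SAMPLE_ETHTOOL"
```

On a live system the inputs would typically come from `/boot/config-$(uname -r)` (or `zcat /proc/config.gz`) and `ethtool -k eth0`; the interface name `eth0` is an assumption.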
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Linux
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.kernel.org/
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=2811ebac2521ceac84f2bdae402455baa6a7fb47