Vulnerability Name:

CVE-2007-4567 (CCN-39171)

Assigned:2007-09-07
Published:2007-09-07
Updated:2023-02-13
Summary:The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted IPv6 packet.
CVSS v3 Severity:7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity:7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
7.8 High (REDHAT CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Vulnerability Type:CWE-119
Vulnerability Consequences:Denial of Service
References:Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: MITRE
Type: CNA
CVE-2007-4567

Source: CCN
Type: RHSA-2010-0019
Important: kernel security update

Source: CCN
Type: RHSA-2010-0053
Important: kernel security and bug fix update

Source: CCN
Type: RHSA-2010-0079
Important: kernel security and bug fix update

Source: CCN
Type: RHSA-2010-0095
Important: rhev-hypervisor security and bug fix update

Source: CCN
Type: SA25505
Linux Kernel VFAT IOCTLs Denial of Service

Source: CCN
Type: The Linux Kernel Archives Web site
ChangeLog-2.6.22-rc1

Source: CCN
Type: BID-26943
Linux Kernel IPv6 Hop-By-Hop Header Remote Denial of Service Vulnerability

Source: CCN
Type: USN-558-1
Linux kernel vulnerabilities

Source: CCN
Type: USN-574-1
Linux kernel vulnerabilities

Source: XF
Type: UNKNOWN
linux-kernel-ipv6-dos(39171)

Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*
Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:2.6.21:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.20:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.20.1:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.20.10:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.20.11:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.20.12:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.20.13:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.20.14:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.20.2:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.20.3:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.20.4:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.20.5:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.20.8:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.20.9:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.21.1:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.21.2:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.21.3:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.21.4:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.20.15:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.20.6:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.20.7:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.21.6:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.21.7:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:*

* Denotes that component is vulnerable
Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.mitre.oval:def:17735 | P | USN-558-1 -- linux-source-2.6.17/20/22 vulnerabilities | 2014-06-30
oval:org.mitre.oval:def:17238 | P | USN-574-1 -- linux-source-2.6.17/20/22 vulnerabilities | 2014-06-30
oval:org.mitre.oval:def:22036 | P | ELSA-2010:0019: kernel security update (Important) | 2014-05-26
oval:org.mitre.oval:def:22178 | P | RHSA-2010:0019: kernel security update (Important) | 2014-02-24
oval:org.mitre.oval:def:7474 | V | Linux Kernel IPv6 Hop-By-Hop Header Remote Denial of Service Vulnerability | 2014-01-20
oval:org.mitre.oval:def:11083 | V | The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted IPv6 packet. | 2013-04-29
oval:com.redhat.rhsa:def:20100019 | P | RHSA-2010:0019: kernel security update (Important) | 2010-01-07