CVE-2007-2172 — MEDIUM (4.7)

Q: How severe is CVE-2007-2172?

CVE-2007-2172 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2007-2172?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux, Canonical Ubuntu Linux.

Vulnerability Description

A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 causes RTA_MAX to be used as an array size instead of RTN_MAX, which leads to an "out of bound access" by the (1) dn_fib_props (dn_fib.c, DECNet) and (2) fib_props (fib_semantics.c, IPv4) functions.

CVSS Score

4.7

MEDIUM

AV:L/AC:M/Au:N/C:N/I:N/A:C

Confidentiality

NONE

Integrity

NONE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	>= 2.4.0, < 2.4.35
Debian	Debian Linux	3.1
Canonical	Ubuntu Linux	6.06

Related Weaknesses (CWE)

CWE-20

References

http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.21-rc6Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2007-0488.htmlThird Party Advisory
http://secunia.com/advisories/25068Third Party Advisory
http://secunia.com/advisories/25288Third Party Advisory
http://secunia.com/advisories/25392Third Party Advisory
http://secunia.com/advisories/25838Third Party Advisory
http://secunia.com/advisories/26289Third Party Advisory
http://secunia.com/advisories/26450Third Party Advisory
http://secunia.com/advisories/26620Third Party Advisory
http://secunia.com/advisories/26647Third Party Advisory
http://secunia.com/advisories/27913Third Party Advisory
http://secunia.com/advisories/29058Third Party Advisory
http://secunia.com/advisories/33280Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-287.htmThird Party Advisory
http://www.debian.org/security/2007/dsa-1356Third Party Advisory

FAQ

What is CVE-2007-2172?

CVE-2007-2172 is a vulnerability with a CVSS score of 4.7 (MEDIUM). A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 causes RTA_MAX to be used as an array size instead of RTN_MAX, which leads to an "out of bound access" by the (1) dn_fib_props (dn_fi...

How severe is CVE-2007-2172?

CVE-2007-2172 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-2172?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux, Canonical Ubuntu Linux.