CVE-2008-2136 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2008-2136?

CVE-2008-2136 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2008-2136?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux, Canonical Ubuntu Linux.

Vulnerability Description

Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT) tunnel interface, related to the pskb_may_pull and kfree_skb functions, and management of an skb reference count.

CVSS Score

7.8

HIGH

AV:N/AC:L/Au:N/C:N/I:N/A:C

Confidentiality

NONE

Integrity

NONE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	>= 2.4.0, < 2.4.36.5
Debian	Debian Linux	4.0
Canonical	Ubuntu Linux	6.06

Related Weaknesses (CWE)

CWE-399

References

http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.3Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.htmlThird Party Advisory
http://marc.info/?l=linux-netdev&m=121031533024912&w=2Mailing ListThird Party Advisory
http://secunia.com/advisories/30198Third Party Advisory
http://secunia.com/advisories/30241Third Party Advisory
http://secunia.com/advisories/30276Third Party Advisory
http://secunia.com/advisories/30368Third Party Advisory
http://secunia.com/advisories/30499Third Party Advisory
http://secunia.com/advisories/30818Third Party Advisory
http://secunia.com/advisories/30962Third Party Advisory
http://secunia.com/advisories/31107Third Party Advisory
http://secunia.com/advisories/31198Third Party Advisory
http://secunia.com/advisories/31341Third Party Advisory
http://secunia.com/advisories/31628Third Party Advisory

FAQ

What is CVE-2008-2136?

CVE-2008-2136 is a vulnerability with a CVSS score of 7.8 (HIGH). Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via ne...

How severe is CVE-2008-2136?

CVE-2008-2136 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-2136?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux, Canonical Ubuntu Linux.