** Description changed: - The skb argument to cipso_v4_validate() is NULL when called via the - setsockopt() syscall. An local user able to set CIPSO IP options on the - socket could use this flaw to crash the system. + The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux + kernel before 3.4.8 allows local users to cause a denial of service + (NULL pointer dereference and system crash) or possibly have unspecified + other impact via an IPOPT_CIPSO IP_OPTIONS setsockopt system call. Break-Fix: - 89d7ae34cdda4195809a5a987f697a517a2a3177
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1130950 Title: CVE-2013-0310 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1130950/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
