netfilter관련 문제라고 하는군요.linux kernel 2.6.x대 모두 해당한다고 합니다.
NETFILTER: {ip, nf}_conntrack_sctp: fix remotely triggerable NULL ptr dereference [CVE-2007-2876]
When creating a new connection by sending an unknown chunk type, we don't transition to a valid state,
causing a NULL pointer dereference in sctp_packet when accessing sctp_timeouts[SCTP_CONNTRACK_NONE].
Fix by don't creating new conntrack entry if initial state is invalid. Noticed by Vilmos Nebehaj
관련링크 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2876
'Security' 카테고리의 다른 글
| Stack buffer overflow in nmbd's logon & Remote Code Execution in Samba's nmbd (2) | 2007.11.16 |
|---|---|
| 제로보드4 원격코드실행 취약점 (0) | 2007.11.08 |
| Drupal Multiple cross site scripting vulnerabilities (1) | 2007.07.27 |
| Samba Remote Command Injection & 3.0.25 release (2) | 2007.06.15 |
| SQL Injection and XSS 진단 스크립트 (0) | 2007.02.01 |