CVE-2007-1000

Linux kernel <2.6.20.2 - Info Disclosure

Title source: llm

Description

The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the Linux kernel before 2.6.20.2 allows local users to read arbitrary kernel memory via certain getsockopt calls that trigger a NULL dereference.

Exploits (1)

exploitdb WORKING POC VERIFIED

by dreyer · clocallinux

https://www.exploit-db.com/exploits/4172

View Code ZIP pw:eip

References (26)

[Issue Tracking] http://bugzilla.kernel.org/show_bug.cgi?id=8134

[Mailing List] http://fedoranews.org/cms/node/2787

[Mailing List] http://fedoranews.org/cms/node/2788

[Various Sources] http://lists.suse.com/archive/suse-security-announce/2007-May/0001.html

[Third Party Advisory] http://secunia.com/advisories/24493

[US Government Resource] http://www.kb.cert.org/vuls/id/920689

[Vendor Advisory] http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.2

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDKSA-2007:078

[Third Party Advisory, VDB Entry] http://www.osvdb.org/33025

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2007-0169.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/471457

[Exploit, Patch] http://www.securityfocus.com/bid/22904

[Vendor Advisory] http://www.ubuntu.com/usn/usn-486-1

[Vendor Advisory] http://www.ubuntu.com/usn/usn-489-1

[Various Sources] http://www.wslabi.com/wabisabilabi/initPublishedBid.do?

[Issue Tracking] https://issues.rpath.com/browse/RPL-1153

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10015

[Third Party Advisory] http://secunia.com/advisories/24518

[Third Party Advisory] http://secunia.com/advisories/24777

[Third Party Advisory] http://secunia.com/advisories/24901

... and 6 more

Scores

EPSS 0.0024

EPSS Percentile 46.2%

Classification

Status draft

Affected Products (1)

linux/linux_kernel < 2.6.20.1

Timeline

Published Mar 12, 2007

Tracked Since Feb 18, 2026