CVE-2007-1388

Linux Kernel < 2.6.19.7 - Denial of Service via IPV6_RTHDR Setsockopt NULL Pointer Dereference

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1388. PoCs published by Joey Mengele.

AI-analyzed exploit summary This exploit leverages a NULL-pointer dereference vulnerability in the Linux kernel (CVE-2007-1388) to read arbitrary kernel memory addresses. It uses socket options with IPPROTO_IPV6 to trigger the vulnerability and dump kernel memory contents.

Description

The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux kernel before 2.6.20, and possibly other versions, allows local users to cause a denial of service (oops) by calling setsockopt with the IPV6_RTHDR option name and possibly a zero option length or invalid option value, which triggers a NULL pointer dereference.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Joey Mengele · cdoslinux

https://www.exploit-db.com/exploits/29781

View Code ZIP pw:eip

This exploit leverages a NULL-pointer dereference vulnerability in the Linux kernel (CVE-2007-1388) to read arbitrary kernel memory addresses. It uses socket options with IPPROTO_IPV6 to trigger the vulnerability and dump kernel memory contents.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Linux kernel (versions affected by CVE-2007-1388)

No auth needed

Prerequisites: Local access to the target system · Kernel version vulnerable to CVE-2007-1388

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (15)

Core 15

Core References

Issue Tracking x_refsource_confirm

https://issues.rpath.com/browse/RPL-1154

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/usn-464-1

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/1122

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/23142

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/24901

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDKSA-2007:078

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/24777

Various Sources vendor-advisory x_refsource_suse

http://lists.suse.com/archive/suse-security-announce/2007-May/0001.html

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25099

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2007-0169.html

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25080

Issue Tracking x_refsource_misc

http://bugzilla.kernel.org/show_bug.cgi?id=8155

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25392

Vendor Advisory x_refsource_confirm

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.4

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11509

Scores

EPSS 0.0055

EPSS Percentile 41.6%

Details

CWE

CWE-399

Status published

Products (50)

linux/linux_kernel 2.6.0

linux/linux_kernel 2.6.1

linux/linux_kernel 2.6.2

linux/linux_kernel 2.6.10

linux/linux_kernel 2.6.11

linux/linux_kernel 2.6.11.1

linux/linux_kernel 2.6.11.2

linux/linux_kernel 2.6.11.3

linux/linux_kernel 2.6.11.4

linux/linux_kernel 2.6.11.5

... and 40 more

Published Mar 10, 2007

Tracked Since Feb 18, 2026