Integer overflow in the dccp_feat_change function in net/dccp/feat.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.18, and 2.6.17 up to and including 2.6.20, allows local users to gain privileges via an invalid feature length, which leads to a heap-based buffer overflow.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
linux linux kernel 2.6.17 |
||
linux linux kernel 2.6.19 |
||
linux linux kernel 2.6.18 |
||
linux linux kernel 2.6.20 |