Published: 22/11/2010 Updated: 13/02/2023

CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9

VMScore: 500

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel prior to 2.6.37-rc2 does not properly restrict TCP_MAXSEG (aka MSS) values, which allows local users to cause a denial of service (OOPS) via a setsockopt call that specifies a small value, leading to a divide-by-zero error or incorrect use of a signed integer.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel 2.6.37
linux linux kernel
suse linux enterprise desktop 11
suse linux enterprise server 11
opensuse opensuse 11.2
opensuse opensuse 11.3
suse linux enterprise real time extension 11

Multiple kernel flaws ...

An attacker could send crafted input to the kernel and cause it to crash ...

Multiple security flaws have been fixed in the OMAP4 port of the Linux kernel ...

Multiple kernel vulnerablilities ...

Multiple kernel flaws ...

Multiple kernel flaws have been fixed ...

/* * TCP_MAXSEG Kernel Panic DoS for Linux < 2637-rc2 * by zx2c4 * * This exploit triggers CVE-2010-4165, a divide by zero * error in net/ipv4/tcpc Because this is on the softirq * path, the kernel oopses and then completely dies with * no chance of recovery It has been very reliable as a * DoS, but is not useful for triggering othe ...

/* Linux Kernel <= 2637 local kernel DoS (CVE-2010-4165) * ======================================================= * A divide by 0 error occurs in tcp_select_initial_window * when processing user supplied TCP_MAXSEG facilitating a * local denial-of-service condition (kernel oops!) in all * Linux Kernel 26x branch (2637 & below) T ...

Linux kernel versions prior to 2637-rc2 TCP_MAXSEG kernel panic denial of service exploit that triggers a divide by zero error in net/ipv4/tcpc ...

Linux kernel versions 2637 and below local kernel denial of service exploit that leverages a divide-by-zero error in tcp_select_initial_window when processing user supplied TCP_MAXSEG ...

CWE-369 http://www.spinics.net/lists/netdev/msg146405.html http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2 https://bugzilla.redhat.com/show_bug.cgi?id=652508 http://www.osvdb.org/69241 http://www.openwall.com/lists/oss-security/2010/11/12/1 http://www.openwall.com/lists/oss-security/2010/11/12/4 http://www.spinics.net/lists/netdev/msg146495.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://www.vupen.com/english/advisories/2011/0012 http://secunia.com/advisories/42778 http://secunia.com/advisories/42801 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html http://www.securityfocus.com/bid/44830 http://www.vupen.com/english/advisories/2011/0124 http://secunia.com/advisories/42932 http://www.vupen.com/english/advisories/2011/0298 http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:029 http://www.mandriva.com/security/advisories?name=MDVSA-2011:051 http://securityreason.com/securityalert/8123 http://securityreason.com/securityalert/8111 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7a1abd08d52fdeddb3e9a5a33f2f15cc6a5674d2 https://nvd.nist.gov https://www.exploit-db.com/exploits/16952/https://usn.ubuntu.com/1083-1/

CVE-2010-4165

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect