CVE-2007-6282

Executive Summary

Informations
Name	CVE-2007-6282	First vendor Publication	2008-05-07
Vendor	Cve	Last vendor Modification	2010-08-21

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Cvss Base Score	7.1	Attack Range	Network
Cvss Impact Score	6.9	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service (crash) via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6282

CWE : Common Weakness Enumeration

id	Name
CWE-16	Configuration

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10549

Oval ID:	oval:org.mitre.oval:def:10549
Title:	The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service (crash) via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV.
Description:	The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service (crash) via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-6282	Version:	5
Platform(s):	Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section kernel-xenU is earlier than 0:2.6.9-67.0.15.EL AND kernel-hugemem is earlier than 0:2.6.9-67.0.15.EL AND kernel-hugemem-devel is earlier than 0:2.6.9-67.0.15.EL AND kernel-xenU-devel is earlier than 0:2.6.9-67.0.15.EL AND kernel-smp-devel is earlier than 0:2.6.9-67.0.15.EL AND kernel-largesmp-devel is earlier than 0:2.6.9-67.0.15.EL AND kernel is earlier than 0:2.6.9-67.0.15.EL AND kernel-devel is earlier than 0:2.6.9-67.0.15.EL AND kernel-doc is earlier than 0:2.6.9-67.0.15.EL AND kernel-largesmp is earlier than 0:2.6.9-67.0.15.EL AND kernel-smp is earlier than 0:2.6.9-67.0.15.EL OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section kernel-kdump is earlier than 0:2.6.18-53.1.21.el5 AND kernel-debug is earlier than 0:2.6.18-53.1.21.el5 AND kernel-xen is earlier than 0:2.6.18-53.1.21.el5 AND kernel-headers is earlier than 0:2.6.18-53.1.21.el5 AND kernel-kdump-devel is earlier than 0:2.6.18-53.1.21.el5 AND kernel-xen-devel is earlier than 0:2.6.18-53.1.21.el5 AND kernel is earlier than 0:2.6.18-53.1.21.el5 AND kernel-PAE-devel is earlier than 0:2.6.18-53.1.21.el5 AND kernel-devel is earlier than 0:2.6.18-53.1.21.el5 AND kernel-PAE is earlier than 0:2.6.18-53.1.21.el5 AND kernel-debug-devel is earlier than 0:2.6.18-53.1.21.el5 AND kernel-doc is earlier than 0:2.6.18-53.1.21.el5

CPE : Common Platform Enumeration

Type	Description	Count
Os	Redhat Enterprise Linux cpe:/o:redhat:enterprise_linux:ws_4 cpe:/o:redhat:enterprise_linux:es_4 cpe:/o:redhat:enterprise_linux:as_4	3
Os	Redhat Enterprise Linux Desktop cpe:/o:redhat:enterprise_linux_desktop:4	1

Open Source Vulnerability Database (OSVDB)

id	Description
44930	Linux Kernel IPsec Implementation Malformed Fragmented ESP Packet Remote DoS

Internal Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/29081
DEBIAN	http://www.debian.org/security/2008/dsa-1630
MISC	https://bugzilla.redhat.com/show_bug.cgi?id=404291
MLIST	http://marc.info/?l=linux-netdev&m=120372380411259&w=2
REDHAT	http://www.redhat.com/support/errata/RHSA-2008-0237.html http://www.redhat.com/support/errata/RHSA-2008-0275.html http://www.redhat.com/support/errata/RHSA-2008-0585.html
SECUNIA	http://secunia.com/advisories/30112 http://secunia.com/advisories/30294 http://secunia.com/advisories/30818 http://secunia.com/advisories/30890 http://secunia.com/advisories/30962 http://secunia.com/advisories/31107 http://secunia.com/advisories/31551 http://secunia.com/advisories/31628
SUSE	http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html
UBUNTU	http://www.ubuntu.com/usn/usn-625-1
XF	http://xforce.iss.net/xforce/xfdb/42276

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-11 10:43:38	Multiple Updates

Type	Count
Oval ID(s)	1
CPE ID(s)	4
osvdb(s)	1

Related	Severity
USN-625-1	(Critical)
RHSA-2008:0585	(High)
RHSA-2008:0237	(High)
DSA-1630	(High)
RHSA-2008:0275	(High)

Same Subject	Severity
Login to view 23 more Alert(s)

CVE-2007-6282

Executive Summary

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

Open Source Vulnerability Database (OSVDB)

Internal Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU