CVE-2007-6282

high

Description

The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service (crash) via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV.

References

http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html

http://marc.info/?l=linux-netdev&m=120372380411259&w=2

http://secunia.com/advisories/30112

http://secunia.com/advisories/30294

http://secunia.com/advisories/30818

http://secunia.com/advisories/30890

http://secunia.com/advisories/30962

http://secunia.com/advisories/31107

http://secunia.com/advisories/31551

http://secunia.com/advisories/31628

http://www.debian.org/security/2008/dsa-1630

http://www.redhat.com/support/errata/RHSA-2008-0237.html

http://www.redhat.com/support/errata/RHSA-2008-0275.html

http://www.redhat.com/support/errata/RHSA-2008-0585.html

http://www.securityfocus.com/bid/29081

http://www.ubuntu.com/usn/usn-625-1

https://bugzilla.redhat.com/show_bug.cgi?id=404291

https://exchange.xforce.ibmcloud.com/vulnerabilities/42276

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10549

Details

Source: MITRE

Published: 2008-05-08

Updated: 2017-09-29

Type: CWE-16

Risk Information

CVSS v2

Base Score: 7.1

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 8.6

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 79447 | OracleVM 2.1 : kernel (OVMSA-2008-2005) | Nessus | OracleVM Local Security Checks | high |
| 67691 | Oracle Linux 5 : kernel (ELSA-2008-0275) | Nessus | Oracle Linux Local Security Checks | high |
| 67685 | Oracle Linux 4 : kernel (ELSA-2008-0237) | Nessus | Oracle Linux Local Security Checks | high |
| 60394 | Scientific Linux Security Update : kernel on SL4.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 59128 | SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5370) | Nessus | SuSE Local Security Checks | high |
| 43685 | CentOS 5 : kernel (CESA-2008:0275) | Nessus | CentOS Local Security Checks | high |
| 43682 | CentOS 4 : kernel (CESA-2008:0237) | Nessus | CentOS Local Security Checks | high |
| 34032 | Debian DSA-1630-1 : linux-2.6 - denial of service/information leak | Nessus | Debian Local Security Checks | high |
| 33531 | Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : linux, linux-source-2.6.15/20/22 vulnerabilities (USN-625-1) | Nessus | Ubuntu Local Security Checks | critical |
| 33432 | SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5375) | Nessus | SuSE Local Security Checks | high |
| 33253 | openSUSE 10 Security Update : kernel (kernel-5339) | Nessus | SuSE Local Security Checks | high |
| 33252 | openSUSE 10 Security Update : kernel (kernel-5336) | Nessus | SuSE Local Security Checks | high |
| 32391 | RHEL 5 : kernel (RHSA-2008:0275) | Nessus | Red Hat Local Security Checks | high |
| 32162 | RHEL 4 : kernel (RHSA-2008:0237) | Nessus | Red Hat Local Security Checks | high |
| 801451 | CentOS RHSA-2008-0237 Security Check | Log Correlation Engine | Generic | high |