

   VULNERABILITY NOTE

 

CERT-In Vulnerability Note CIVN-2010-56
Linux Kernel ULE Remote Denial of Service Vulnerability

Original Issue Date: March 10, 2010

Severity Rating: Medium

System Affected

  • Linux Kernel version 2.6.33 and prior

Overview

A vulnerability has been reported in Linux Kernel ULE 2.6.33 and prior, which could be exploited by a remote attacker to cause a Denial of Service (DoS) condition on the affected systems.

Description

Unidirectional Lightweight Encapsulation (ULE) is used to encapsulate IP datagrams over MPEG-2 transport streams.

This vulnerability occurs in the "dvb_net_ule()" function of the "drivers/media/dvb/dvb-core/dvb_net.c" file. A remote attacker could exploit this vulnerability by sending a malformed DVB/MPEG2-TS frame, which causes an infinite loop in the dvb_net_ule() function. Successful exploitation of this vulnerability could cause a Denial of Service (DoS) condition.

Solution

Upgrade to Linux kernel version 2.6.34-rc1
http://www.kernel.org/
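
A host triage check for this note, added here as an example (it is not CERT-In or kernel.org code): it compares the running kernel release with the affected range above and looks for the DVB core module. The function names are hypothetical, and it assumes that dvb_net.c is linked into the dvb_core module on these kernels; a fix backported by a distribution is not visible from the version string.

```sh
#!/bin/sh
# Added example: host triage for CIVN-2010-56. Not CERT-In or kernel.org code.

# Succeeds when kernel release $1 is 2.6.33 or earlier (the affected range in
# the note), fails for 2.6.34-rc1 and later. Only the upstream x.y.z part is
# compared, so a vendor backport of the fix is not visible here.
is_affected_release() {
    rel=${1%%-*}                      # drop "-rc1", "-5-amd64", ...
    old_ifs=$IFS; IFS=.
    set -- $rel                       # split "2.6.33.1" on dots
    IFS=$old_ifs
    major=${1%%[!0-9]*}; minor=${2%%[!0-9]*}; patch=${3%%[!0-9]*}
    major=${major:-0}; minor=${minor:-0}; patch=${patch:-0}
    if   [ "$major" -lt 2 ]; then return 0
    elif [ "$major" -gt 2 ]; then return 1
    elif [ "$minor" -lt 6 ]; then return 0
    elif [ "$minor" -gt 6 ]; then return 1
    fi
    [ "$patch" -le 33 ]
}

# Succeeds when the module list in file $1 (default /proc/modules) contains
# dvb_core. Assumption: dvb_net.c, which holds dvb_net_ule(), is part of that
# module; a DVB core built into the kernel image is not listed there.
dvb_core_loaded() {
    modules=${1:-/proc/modules}
    [ -r "$modules" ] && grep -q '^dvb_core ' "$modules"
}

# Prints one verdict line for release $1 and module list $2; always returns 0.
triage() {
    if ! is_affected_release "$1"; then
        echo "not-affected: $1 is newer than 2.6.33"
    elif dvb_core_loaded "$2"; then
        echo "exposed: $1 with dvb_core loaded; apply the upgrade from the note"
    else
        echo "affected-version: $1, dvb_core not loaded; confirm it cannot autoload"
    fi
}

# Dry run on a constructed /proc/modules line (not taken from a real host).
sample=$(mktemp)
printf 'dvb_core 87312 1 dvb_usb, Live 0xf8a3c000\n' > "$sample"
triage "2.6.33" "$sample"
rm -f "$sample"

# Live host check.
triage "$(uname -r)" /proc/modules
```
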

Vendor Information

Kernel.org
http://www.kernel.org/

References

Securityfocus
http://www.securityfocus.com/bid/38479

Kernel.org
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=29e1fa3565a7951cc415c634eb2b78dbdbee151d


RedHat
https://bugzilla.redhat.com/show_bug.cgi?id=569237

Global Security
http://www.globalsecuritymag.com/Vigil-nce-Linux-kernel-denial-of,20100302,16315.html

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003