CVE-2004-1137

Currently unrated

Key Information:

Vendor: Linux
Status: Linux Kernel; Ubuntu Linux
Vendor: CVE Published:; 10 January 2005

Summary

Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial of service or execute arbitrary code via (1) the ip_mc_source function, which decrements a counter to -1, or (2) the igmp_marksources function, which does not properly validate IGMP message parameters and performs an out-of-bounds read.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.mandriva.com/security/advisories?name=MDKSA-20...

vendor-advisoryx_refsource_MANDRAKE

http://marc.info/?l=bugtraq&m=110306397320336&w=2

mailing-listx_refsource_BUGTRAQ

EPSS Score

33% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 10, 2005
Vulnerability Reserved
Dec 6, 2004

Collectors

NVD DatabaseMitre Database