CVE-2004-1137
Published: 10 January 2005
Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial of service or execute arbitrary code via (1) the ip_mc_source function, which decrements a counter to -1, or (2) the igmp_marksources function, which does not properly validate IGMP message parameters and performs an out-of-bounds read.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
kernel-source-2.4.27 Launchpad, Ubuntu, Debian |
dapper |
Released
(2.4.27-12)
|
| edgy |
Released
(2.4.27-12)
|
|
| feisty |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
linux-source-2.6.15 Launchpad, Ubuntu, Debian |
dapper |
Released
(2.6.15-29.58)
|
| edgy |
Does not exist
|
|
| feisty |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
linux-source-2.6.17 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| edgy |
Released
(2.6.17.1-12.40)
|
|
| feisty |
Does not exist
|
|
| upstream |
Needs triage
|