CVE Vulnerability

CVE-2008-3686

The rt6_fill_node function in net/ipv6/route.c in Linux kernel 2.6.26-rc4, 2.6.26.2, and possibly other 2.6.26 versions, allows local users to cause a denial of service (kernel OOPS) via IPv6 requests when no IPv6 input device is in use, which triggers a NULL pointer dereference.

4.9 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 6.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

Scope

References
Link Resource
http://lkml.org/lkml/2008/8/7/230 Exploit
http://lkml.org/lkml/2008/8/8/7 Exploit
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5e0115e500fe9dd2ca11e6f92db9123204f1327a
http://secunia.com/advisories/31579 Vendor Advisory
http://www.vupen.com/english/advisories/2008/2422 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/44605
Configurations

Configuration 1

cpe:2.3:o:linux:linux_kernel:2.6.26:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.26.2:*:*:*:*:*:*:*
Information

Published : 2008-08-14 10:41

Updated : 2017-08-08 01:32

NVD link : CVE-2008-3686

Mitre link : CVE-2008-3686

Products Affected
No products.
CWE
CWE-399