First published: Fri Jul 27 2018
It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruption. A remote attacker could use this flaw to crash the system.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Linux kernel | <2.6.22.17 | |
Red Hat Enterprise Linux Desktop | =5.0 | |
Red Hat Enterprise Linux Server | =5.0 | |
Red Hat Enterprise Linux Server | =5.6 | |
Red Hat Enterprise Linux Server | =5.9 | |
Red Hat Enterprise Linux Workstation | =5.0 | |
CVE-2017-2634 is considered a medium severity vulnerability due to the potential for a remote attacker to cause a denial of service.
To remediate CVE-2017-2634, upgrade to a patched version of the Linux kernel or the affected Red Hat Enterprise Linux products.
CVE-2017-2634 affects Linux kernel versions prior to 2.6.22.17.
CVE-2017-2634 can affect both IPv4 and IPv6 DCCP connections, because the IPv4-only inet_sk_rebuild_header() function was used for both.
Red Hat Enterprise Linux Desktop and Server 5.0, along with the other versions listed in the table above (Server 5.6, Server 5.9 and Workstation 5.0), are affected by CVE-2017-2634.