SB2007050302 - Missing authorization in Linux kernel ipv4
Published: May 3, 2007
Security Bulletin ID
SB2007050302
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Missing authorization (CVE-ID: CVE-2007-2480)
The vulnerability allows a local user to read and manipulate data.
The vulnerability exists due to missing authorization error within the __udp_lib_get_port() function in net/ipv4/udp.c. A local user can read and manipulate data.
Remediation
Install update from vendor's website.