CVE-2007-2480

Publication date 3 May 2007

Last updated 24 July 2024

The _udp_lib_get_port function in net/ipv4/udp.c in Linux kernel 2.6.21 and earlier does not prevent a bind to a port with a local address when there is already a bind to that port with a wildcard local address, which might allow local users to intercept local traffic for daemons or other applications.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
linux	8.04 LTS hardy	Not affected
linux-source-2.6.15	6.06 LTS dapper	Not affected
linux-source-2.6.17	6.10 edgy	Not affected
linux-source-2.6.20	7.04 feisty	Ignored end of life
linux-source-2.6.22	7.10 gutsy	Fixed 2.6.22-12.39

How can I get the fixes?
What do statuses mean?

Notes

kees

Cannot reproduce. Is this really an issue for kernels prior to 2.6.21?

References

MITRE
NVD
Launchpad
Debian

Other references

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=de34ed91c4ffa4727964a832c46e624dd1495cf5
https://www.cve.org/CVERecord?id=CVE-2007-2480