{
  "threat_severity" : "Moderate",
  "public_date" : "2010-11-25T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: unlimited socket backlog DoS",
    "id" : "657303",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=657303"
  },
  "cvss" : {
    "cvss_base_score" : "6.1",
    "cvss_scoring_vector" : "AV:A/AC:L/Au:N/C:N/I:N/A:C",
    "status" : "verified"
  },
  "details" : [ "The socket implementation in net/core/sock.c in the Linux kernel before 2.6.34 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service (memory consumption) by sending a large amount of network traffic, as demonstrated by netperf UDP tests." ],
  "statement" : "This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise MRG as they have already backported the fixes for this issue. Future kernel updates in Red Hat Enterprise Linux 6 may address this flaw. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2011-03-01T00:00:00Z",
    "advisory" : "RHSA-2011:0303",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "kernel-0:2.6.18-238.5.1.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2011-05-19T00:00:00Z",
    "advisory" : "RHSA-2011:0542",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-131.0.15.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6.0 EUS - Server Only",
    "release_date" : "2011-06-21T00:00:00Z",
    "advisory" : "RHSA-2011:0883",
    "cpe" : "cpe:/o:redhat:rhel_eus:6.0",
    "package" : "kernel-0:2.6.32-71.31.1.el6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 4",
    "fix_state" : "Affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2010-4251\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-4251" ],
  "name" : "CVE-2010-4251",
  "csaw" : false
}