Clavister Information for VU#471084

Linux kernel IP stack incorrectly calculates size of an ICMP citation for ICMP errors

Status

Not Affected

Vendor Statement

Clavister Firewall: Not vulnerable

Clavister Firewall uses its own self-contained operating system and is, as such, not affected by Linux bugs.

It can, however, protect vulnerable linux machines by blocking ICMP errors and stripping the "Don't Fragment" bit of all packets that pass through it to avoid the Path MTU Discovery "black holes" that otherwise result from blocking ICMP errors.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.