Clavister Information for VU#471084
Linux kernel IP stack incorrectly calculates size of an ICMP citation for ICMP errors
- Vendor Information Help Date Notified:
- Statement Date:
- Date Updated: 03 Jun 2003
Clavister Firewall: Not vulnerable
Clavister Firewall uses its own self-contained operating system and is, as such, not affected by Linux bugs.
It can, however, protect vulnerable linux machines by blocking ICMP errors and stripping the "Don't Fragment" bit of all packets that pass through it to avoid the Path MTU Discovery "black holes" that otherwise result from blocking ICMP errors.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.