Vulnerability Note VU#471084
Linux kernel IP stack incorrectly calculates size of an ICMP citation for ICMP errors
The Linux 2.0 kernel contains a vulnerability in the way it processes ICMP errors. This could lead to portions of memory being leaked to a malicious user.
The Linux 2.0 kernel (versions 2.0 through 2.0.39 inclusive) contains an error in the calculation of the size for an ICMP citation. A citation is created for ICMP error responses. This miscalculation may lead to random data stored in memory being returned in the response.
This vulnerability could be used by an attacker to gain sensitive information about the system, which may aid in an attack.
Sensitive information may be leaked to an attacker.
Upgrade or apply a patch as necessary. Please see the vendor Section to determine if your product is vulnerable.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|WatchGuard||Affected||-||14 Oct 2003|
|Check Point||Not Affected||-||03 Jun 2003|
|Clavister||Not Affected||-||03 Jun 2003|
|Fujitsu||Not Affected||-||26 Jun 2003|
|Hitachi||Not Affected||-||11 Jun 2003|
|Ingrian Networks||Not Affected||-||03 Jun 2003|
|Netscreen||Not Affected||-||03 Jun 2003|
|Novell||Not Affected||-||03 Jun 2003|
|Secure Computing Corporation||Not Affected||-||26 Jun 2003|
|Stonesoft||Not Affected||-||03 Jun 2003|
|Sun Microsystems Inc.||Not Affected||-||03 Jun 2003|
|Symantec Corporation||Not Affected||-||03 Jun 2003|
CVSS Metrics (Learn More)
Thanks to Philippe Biondi of Cartel S e curity for reporting this vulnerability.
This document was written by Jason A Rafail.
- CVE IDs: Unknown
- Date Public: 09 Jun 2003
- Date First Published: 09 Jun 2003
- Date Last Updated: 14 Oct 2003
- Severity Metric: 1.37
- Document Revision: 5
If you have feedback, comments, or additional information about this vulnerability, please send us email.