The Linux 2.0 kernel contains a vulnerability in the way it processes ICMP errors. This could lead to portions of memory being leaked to a malicious user.
The Linux 2.0 kernel (versions 2.0 through 2.0.39 inclusive) contains an error in the calculation of the size for an ICMP citation. A citation is created for ICMP error responses. This miscalculation may lead to random data stored in memory being returned in the response.
This vulnerability could be used by an attacker to gain sensitive information about the system, which may aid in an attack.
Sensitive information may be leaked to an attacker.
Upgrade or apply a patch as necessary. Please see the vendor Section to determine if your product is vulnerable.
Check Point Not Affected
Clavister Not Affected
Fujitsu Not Affected
Hitachi Not Affected
Ingrian Networks Not Affected
Netscreen Not Affected
Novell Not Affected
Secure Computing Corporation Not Affected
Stonesoft Not Affected
Sun Microsystems Inc. Not Affected
Symantec Corporation Not Affected
Thanks to Philippe Biondi of Cartel Security for reporting this vulnerability.
This document was written by Jason A Rafail.
|Date First Published:||2003-06-09|
|Date Last Updated:||2003-10-14 17:40 UTC|