The Linux 2.0 kernel contains a vulnerability in the way it processes ICMP errors. This could lead to portions of memory being leaked to a malicious user.
The Linux 2.0 kernel (versions 2.0 through 2.0.39 inclusive) contains an error in the calculation of the size for an ICMP citation. A citation is created for ICMP error responses. This miscalculation may lead to random data stored in memory being returned in the response.
This vulnerability could be used by an attacker to gain sensitive information about the system, which may aid in an attack.
Sensitive information may be leaked to an attacker.
Upgrade or apply a patch as necessary. Please see the vendor Section to determine if your product is vulnerable.
Thanks to Philippe Biondi of Cartel Security for reporting this vulnerability.
This document was written by Jason A Rafail.
|Date First Published:||2003-06-09|
|Date Last Updated:||2003-10-14 17:40 UTC|