| TC: | 12026 |
|---|---|
| Description: | An "ICMP" tester program found to crash Linux systems remotely in fact exposed a problem with the processing of IP options in incoming packets. They are supposed to trigger an ICMP parameter problem message, but a kernel bug frees a memory structure twice, resulting in a kernel panic. |
| TC Impact: | Crash |
| Vulnerability Publication: | June 01, 1999 |
| Advisory Copyright: | Piotr Wilkin |
| Summary: | Using IP packets with illegal option fields, an attacker can crash a Linux system remotely. |
| Risk: | High |
| CVSS 2.0 metrics: | Access Vector: Network; Access Complexity: Low; Authentication: None; Confidentiality Impact: None; Integrity Impact: None; Availability Impact: Complete |
| CVSS 2.0 Base Score: | 7.8 |
| Vulnerability Impact: | Denial of Service, Crash |
| Host Impact: | An attacker can crash a Linux 2.2 system remotely. |
| Nature of Remediation: | Update the software. |
| Step required to fix the reported vulnerability: | Solution type: Upgrade Software. Upgrade to a newer version of the Linux kernel. See references for more details. |

References:

* BUGTRAQ: 19990601 Linux kernel 2.2.x vulnerability/exploit http://marc.info/?l=bugtraq&m=92826247215577&w=2
* DEBIAN: 19990607 http://www.debian.org/security/1999/19990607.en.html
* CALDERA: CSSA-1999:013 ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-1999:013.0.txt
* SUSE: 19990602 Denial of Service on the 2.2 kernel http://www.linuxsecurity.com/content/view/101944/170/
* BID: 302 http://www.securityfocus.com/bid/302
* MISC: http://www.securityfocus.com/archive/1/14036

| CVE Link: | CVE-1999-0804 |
|---|---|
| Glossary: | Crash, Denial of Service, ICMP, IP |