CVE

CVE-2006-0454
Date: (C)2006-02-07   (M)2023-12-22


Linux kernel before 2.6.15.3 down to 2.6.12, while constructing an ICMP response in icmp_send, does not properly handle a failure of the ip_options_echo function in icmp.c, which allows remote attackers to cause a denial of service (crash) via vectors such as (1) record-route and (2) timestamp IP options with the needaddr bit set and a truncated value.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
BID-16532
SECUNIA-18766
SECUNIA-18774
SECUNIA-18784
SECUNIA-18788
SECUNIA-18861
2006-0006
ADV-2006-0464
FEDORA-2006-102
FLSA:157459-4
MDKSA-2006:040
SUSE-SA:2006:006
USN-250-1
http://lists.immunitysec.com/pipermail/dailydave/2006-February/002909.html
http://marc.info/?l=linux-kernel&m=113927617401569&w=2
http://marc.info/?l=linux-kernel&m=113927648820694&w=2
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.3
kernel-icmp-ipoptionsecho-dos(24575)

CPE    42
cpe:/o:linux:linux_kernel:2.6.15
cpe:/o:linux:linux_kernel:2.6.14
cpe:/o:linux:linux_kernel:2.6.13
cpe:/o:linux:linux_kernel:2.6.12
...
CWE    1
CWE-399

© SecPod Technologies