CVE-2006-0454 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-0454
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-0454

Description: Linux kernel before 2.6.15.3 down to 2.6.12, while constructing an ICMP response in icmp_send, does not properly handle when the ip_options_echo function in icmp.c fails, which allows remote attackers to cause a denial of service (crash) via vectors such as (1) record-route and (2) timestamp IP options with the needaddr bit set and a truncated value.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/24575 UBUNTU http://www.ubuntu.com/usn/usn-250-1 TRUSTIX http://www.trustix.org/errata/2006/0006 SUSE http://www.novell.com/linux/security/advisories/2006_06_kernel.html SAID Secunia Advisory: SA18788 Secunia Advisory: SA18861 Secunia Advisory: SA18766 Secunia Advisory: SA18774 Secunia Advisory: SA18784 MLIST http://lists.immunitysec.com/pipermail/dailydave/2006-February/002909.html http://marc.theaimsgroup.com/?l=linux-kernel&m=113927648820694&w=2 http://marc.theaimsgroup.com/?l=linux-kernel&m=113927617401569&w=2 MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:040 FEDORA http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00037.html http://www.securityfocus.com/archive/1/archive/1/427981/100/0/threaded CONFIRM http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.3 BID 16532

Return to the previous page.