mark :: blog

08 Feb 2006: ICMP flaw

On Monday a vulnerability was announced affecting the Linux kernel that could allow a remote attacker who can send a carefully crafted IP packet to cause a denial of service (machine crash). This issue was discovered by Dave Jones and allocated CVE CVE-2006-0454. As Dave notes it's so far proved difficult to reliably trigger (my attempts so far succeed in logging dst badness messages and messing up future ICMP packet receipts, but haven't triggered a crash).

This vulnerability was introduced into the Linux kernel in version 2.6.12 and therefore does not affect users of Red Hat Enterprise Linux 2.1, 3, or 4. An update for Fedora Core 4 was released yesterday.

Created: 08 Feb 2006
Tagged as: , ,

Hi! I'm Mark Cox. This blog gives my thoughts on security work, open source, home automation, and other topics.

popular tags: [all], apache, cve, cvss, fedora, ha, metrics, microsoft, redhat, security

Subscribe to RSS feed