CVE-2009-0778

2009-03-1215:20:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

linux

kernel

cve-2009-0778

denial of service

vulnerability

reject route

icmp

connectivity outage

nvd

4 Medium

AI Score

Confidence

High

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.014 Low

EPSS

Percentile

86.1%

JSON

The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an “rt_cache leak.”

CPENameOperatorVersion
linux:linux_kernellinux linux kerneleq2.6.11
linux:linux_kernellinux linux kerneleq2.6.20.6
linux:linux_kernellinux linux kerneleq2.6.4
linux:linux_kernellinux linux kerneleq2.6.17
linux:linux_kernellinux linux kerneleq2.6.20.9
linux:linux_kernellinux linux kerneleq2.6.18
linux:linux_kernellinux linux kerneleq2.6.23.4
linux:linux_kernellinux linux kerneleq2.6.22.15
linux:linux_kernellinux linux kerneleq2.6.16.16
linux:linux_kernellinux linux kerneleq2.6.20

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	eq	2.6.11
linux:linux_kernel	linux linux kernel	eq	2.6.20.6
linux:linux_kernel	linux linux kernel	eq	2.6.4
linux:linux_kernel	linux linux kernel	eq	2.6.17
linux:linux_kernel	linux linux kernel	eq	2.6.20.9
linux:linux_kernel	linux linux kernel	eq	2.6.18
linux:linux_kernel	linux linux kernel	eq	2.6.23.4
linux:linux_kernel	linux linux kernel	eq	2.6.22.15
linux:linux_kernel	linux linux kernel	eq	2.6.16.16
linux:linux_kernel	linux linux kernel	eq	2.6.20