Lucene search

K
ubuntucveUbuntu.comUB:CVE-2009-0778
HistoryMar 12, 2009 - 12:00 a.m.

CVE-2009-0778

2009-03-1200:00:00
ubuntu.com
ubuntu.com
9

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.014 Low

EPSS

Percentile

86.0%

The icmp_send function in net/ipv4/icmp.c in the Linux kernel before
2.6.25, when configured as a router with a REJECT route, does not properly
manage the Protocol Independent Destination Cache (aka DST) in some
situations involving transmission of an ICMP Host Unreachable message,
which allows remote attackers to cause a denial of service (connectivity
outage) by sending a large series of packets to many destination IP
addresses within this REJECT route, related to an β€œrt_cache leak.”

Notes

Author Note
smb The commit which (according to the commit message) introduced the problem was in v2.6.25-rc1, the fix in v2.6.25-rc8. So Dapper and Hardy are not affected.

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.014 Low

EPSS

Percentile

86.0%