5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.008 Low
EPSS
Percentile
81.6%
The ip_expire function in net/ipv4/ip_fragment.c in the Linux kernel before
2.6.39 does not properly construct ICMP_TIME_EXCEEDED packets after a
timeout, which allows remote attackers to cause a denial of service
(invalid pointer dereference) via crafted fragmented packets.
Author | Note |
---|---|
jdstrand | 2.6.38 only? |
apw | this report and the fix overlapped with each other commit below was identified as the fix: 64f3b9e203bd06855072e295557dca1485a2ecba |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.10 | noarch | linux | < 2.6.35-32.66 | UNKNOWN |
ubuntu | 11.04 | noarch | linux | < 2.6.38-10.44 | UNKNOWN |
ubuntu | 11.10 | noarch | linux | < 2.6.39-3.9 | UNKNOWN |
ubuntu | 10.04 | noarch | linux-lts-backport-maverick | < 2.6.35-32.66~lucid1 | UNKNOWN |
ubuntu | 10.04 | noarch | linux-lts-backport-natty | < 2.6.38-10.44~lucid1 | UNKNOWN |
ubuntu | 10.04 | noarch | linux-lts-backport-oneiric | < 3.0.0-5.6~lucid1 | UNKNOWN |
ubuntu | 10.10 | noarch | linux-ti-omap4 | < 2.6.35-903.31 | UNKNOWN |
ubuntu | 11.04 | noarch | linux-ti-omap4 | < 2.6.38-1209.22 | UNKNOWN |
ubuntu | 11.10 | noarch | linux-ti-omap4 | < 3.0.0-1200.1 | UNKNOWN |
marc.info/?l=linux-netdev&m=130558001727019&w=2
packetstormsecurity.org/files/view/101475/linux2638-null.txt
seclists.org/bugtraq/2011/May/123
launchpad.net/bugs/cve/CVE-2011-1927
nvd.nist.gov/vuln/detail/CVE-2011-1927
security-tracker.debian.org/tracker/CVE-2011-1927
ubuntu.com/security/notices/USN-1167-1
ubuntu.com/security/notices/USN-1379-1
ubuntu.com/security/notices/USN-1383-1
ubuntu.com/security/notices/USN-1387-1
ubuntu.com/security/notices/USN-1394-1
www.cve.org/CVERecord?id=CVE-2011-1927