← back
CVE-2006-0454

CVE-2006-0454

EPSS 3.8%
Linux kernel before 2.6.15.3 down to 2.6.12, while constructing an ICMP response in icmp_send, does not properly handle when the ip_options_echo function in icmp.c fails, which allows remote attackers to cause a denial of service (crash) via vectors such as (1) record-route and (2) timestamp IP options with the needaddr bit set and a truncated value.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://lists.immunitysec.com/pipermail/dailydave/2006-February/002909.htmlhttp://marc.info/?l=linux-kernel&m=113927617401569&w=2http://marc.info/?l=linux-kernel&m=113927648820694&w=2http://secunia.com/advisories/18766http://secunia.com/advisories/18774http://secunia.com/advisories/18784http://secunia.com/advisories/18788http://secunia.com/advisories/18861https://exchange.xforce.ibmcloud.com/vulnerabilities/24575http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.3http://www.mandriva.com/security/advisories?name=MDKSA-2006:040http://www.novell.com/linux/security/advisories/2006_06_kernel.html