Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-1999-1339

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-1999-1339
Last Modified 05 Sep 2008 04:19:17
Published 31 Dec 1999 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-1999-1339

Summary

Vulnerability when Network Address Translation (NAT) is enabled in Linux 2.2.10 and earlier with ipchains, or FreeBSD 3.2 with ipfw, allows remote attackers to cause a denial of service (kernel panic) via a ping -R (record route) command.

Vulnerable Systems

Operating System

  • Freebsd 3.2

  • Linux Kernel 2.2.10


References

CONFIRM - http://www.kernel.org/pub/linux/kernel/v2.2/patch-2.2.11.gz

BUGTRAQ - 19990722 Re: ping -R causes kernel panic on a forwarding machine ( 2.2.5 a nd 2 .2.10)

BUGTRAQ - 19990722 Linux +ipchains+ ping -R

OSVDB - 6105

XF - ipchains-ping-route-dos(7257)


Last Updated: 27 May 2016 10:35:23