| Vigil@nce team describes computer vulnerabilities impacting your systems, and offers solutions to correct them. |
|
 |
|
|
|
vulnerability note CVE-2010-2529
iputils: denial of service of ping
Synthesis of the vulnerability
| A server can send a malicious ICMP reply, in order to generate an infinite loop in the ping tool. |
Severity: 1/4.
Creation date: 23/07/2010.
|
Description of the vulnerability
The iputils suite contains network tools, such as ping and traceroute6.
The ping tool sends an IPv4+ICMP_Echo_Request to a remote computer, which answers with an IPv4+ICMP_Echo_Reply packet.
If the remote computer sends an answer containing an IPv4 Timestamp option, the pr_options() function of ping.c decodes its. However, this function is invalid, and an infinite loop occurs.
A server can therefore send a malicious ICMP reply, in order to generate an infinite loop in the ping tool. |
Complete Vigil@nce bulletin
Characteristics
Title: iputils: denial of service of ping.
Keywords: ICMP ICMP_Echo_Reply ICMP_Echo_Request IPv4 Timestamp denial iputils ping pr_options service traceroute6.
Identifiers: BID-41911, CVE-2010-2529, FEDORA-2010-12252, FEDORA-2010-12273, MDVSA-2010:138, VIGILANCE-VUL-9784.
|
Information sources
Solutions for this vulnerability
Supplements
Computer vulnerabilities tracking service
The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.
Security vulnerability alerts
|
