Vulnerability-Lookup

CERTA-2006-AVI-064

Vulnerability from certfr_avis - Published: 2006-02-08 - Updated: 2006-02-08

Une vulnérabilité du noyau Linux permet à un utilisateur distant de provoquer un déni de service du système vulnérable.

Description

Une erreur dans la fonction ip_options_echo() du fichier icmp.c servant à la construction d'une réponse ICMP (Internet Control Message Protocol) permet à un utilisateur distant de provoquer un déni de service sur le système vulnérable par le biais d'un paquet ICMP malicieusement construit.

Solution

La version 2.6.15.3 du noyau Linux corrige le problème :

http://www.kernel.org

Les noyaux Linux versions 2.6.15.2 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Liste des changements appliqués dans la version 2.6.15.3 du noyau Linux	None	vendor-advisory
Site du noyau Linux :	-	other
Liste des changements apportés dans la version 2.6.15.3 du noyau Linux :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eLes noyaux Linux versions 2.6.15.2 et  ant\u00e9rieures.\u003c/p\u003e",
  "content": "## Description\n\nUne erreur dans la fonction ip_options_echo() du fichier icmp.c servant\n\u00e0 la construction d\u0027une r\u00e9ponse ICMP (Internet Control Message Protocol)\npermet \u00e0 un utilisateur distant de provoquer un d\u00e9ni de service sur le\nsyst\u00e8me vuln\u00e9rable par le biais d\u0027un paquet ICMP malicieusement\nconstruit.\n\n## Solution\n\nLa version 2.6.15.3 du noyau Linux corrige le probl\u00e8me :\n\n    http://www.kernel.org\n",
  "cves": [],
  "initial_release_date": "2006-02-08T00:00:00",
  "last_revision_date": "2006-02-08T00:00:00",
  "links": [
    {
      "title": "Site du noyau Linux :",
      "url": "http://www.kernel.org"
    },
    {
      "title": "Liste des changements apport\u00e9s dans la version 2.6.15.3 du    noyau Linux :",
      "url": "http://wwww.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.3"
    }
  ],
  "reference": "CERTA-2006-AVI-064",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-02-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 du noyau Linux permet \u00e0 un utilisateur distant de\nprovoquer un d\u00e9ni de service du syst\u00e8me vuln\u00e9rable.\n",
  "title": "Vuln\u00e9rabilit\u00e9 du noyau Linux",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Liste des changements appliqu\u00e9s dans la version 2.6.15.3 du noyau Linux",
      "url": null
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted