Linux ICMP allows a remote attacker to read random memory on the system
| icmp-read-memory (7998) |  Low Risk |
Description:
The Internet Control Message Protocol (ICMP) implementation in Linux kernel could allow a remote attacker to read the contents of previously allocated memory on the server. A remote attacker can send fragmented ICMP packets to a Linux host to cause the return of an ICMP TTL Exceeded response, which would contain portions of previously allocated memory. The memory may contain information an attacker might find useful in planning further attacks.
Consequences:
Obtain Information
Remedy:
For Red Hat Linux 7.1 and 7.2:
Upgrade to the latest version of Red Hat Linux kernel (2.4.9-21 or later), as listed in Red Hat Errata Advisory RHSA-2002:007-16. See References.
For other distributions:
Contact your vendor for upgrade or patch information.
References:
- BugTraq Mailing List, Sun Jan 20 2002 - 03:17:22 CST: remote memory reading through tcp/icmp.
- CVE-2002-0046: Linux kernel, and possibly other operating systems, allows remote attackers to read portions of memory via a series of fragmented ICMP packets that generate an ICMP TTL Exceeded response, which includes portions of the memory in the response packet.
- OSVDB ID: 5394: Linux Kernel Fragmented ICMP Packet Information Disclosure
- RHSA-2002-007: Updated 2.4 kernel available
Platforms Affected:
- Linux Kernel
- RedHat Linux 7
- RedHat Linux 7.1
- RedHat Linux 7.2
- RedHat Linux 7.3
Reported:
Jan 09, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net