Linux Kernel "icmp_send ()" null pointer references Remote Denial of Service Vulnerability

Release date:
Updated on:

Affected Systems:
Linux kernel 2.6.38.6
Linux kernel 2.6.38.4
Linux kernel 2.6.38.3
Description:
--------------------------------------------------------------------------------
Bugtraq id: 47872

Linux Kernel is the Kernel used by open source Linux.

Linux Kernel "icmp_send ()" has a remote denial of service vulnerability in the implementation of NULL pointer reference. Remote attackers can exploit this vulnerability to cause the affected Kernel to crash and DOS legitimate users, you may also execute arbitrary code.

In the icmp_send () (net/ipv4/icmp. c) function, the parameters sent to the dev_net () function are not correctly verified, and can be used to export NULL pointer references that cause the kernel to crash. Attackers can exploit this bug and cause DoS attacks on specified targets or any 2.6.38.x machines connected to the local network. To cause a crash, attackers need to use IPv4 fragment packets to impact the target. Important Fields in IP Packets:
* Flags: The MF flag must be set;
* Fragment ID: uses the pseudo-random value of this field to quickly fill in the shard queue in the victim kernel, so that it cannot easily re-collect received packets;
* TOS: using the pseudo-random value of this field can trigger the creation of multiple route cache items of the same target address, increasing the error rate.

<* Source: Aristide Fattori
Robert to Paleari (roberto.paleari@emaze.net)

Link: http://marc.info /? L = bugtraq & m = 130556487606617 & w = 2
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Linux
-----
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:

Http://www.kernel.org/