CVE-2011-1927
Published: 18 May 2011
The ip_expire function in net/ipv4/ip_fragment.c in the Linux kernel before 2.6.39 does not properly construct ICMP_TIME_EXCEEDED packets after a timeout, which allows remote attackers to cause a denial of service (invalid pointer dereference) via crafted fragmented packets.
From the Ubuntu security team
Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel's handling of IPv4 icmp packets. A remote user could exploit this to cause a denial of service.
Priority
High
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.39)
|
|
Patches: Introduced by 4a94445c9a5cf5461fb41d80040033b9a8e2a85a Fixed by 64f3b9e203bd06855072e295557dca1485a2ecba |
||
|
linux-ec2 Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.39)
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.39)
|
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.39)
|
|
linux-lts-backport-natty Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.39)
|
|
linux-lts-backport-oneiric Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.39)
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.39)
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.39)
|
Notes
| Author | Note |
|---|---|
| jdstrand | 2.6.38 only? |
| apw | this report and the fix overlapped with each other commit below was identified as the fix: 64f3b9e203bd06855072e295557dca1485a2ecba |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1927
- http://seclists.org/bugtraq/2011/May/123
- http://packetstormsecurity.org/files/view/101475/linux2638-null.txt
- http://marc.info/?l=linux-netdev&m=130558001727019&w=2
- https://usn.ubuntu.com/usn/usn-1167-1
- https://usn.ubuntu.com/usn/usn-1379-1
- https://usn.ubuntu.com/usn/usn-1383-1
- https://usn.ubuntu.com/usn/usn-1387-1
- https://usn.ubuntu.com/usn/usn-1394-1
- NVD
- Launchpad
- Debian