Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!Close

CVE-2011-1927

Published: 18 May 2011

The ip_expire function in net/ipv4/ip_fragment.c in the Linux kernel before 2.6.39 does not properly construct ICMP_TIME_EXCEEDED packets after a timeout, which allows remote attackers to cause a denial of service (invalid pointer dereference) via crafted fragmented packets.

From the Ubuntu Security Team

Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel's handling of IPv4 icmp packets. A remote user could exploit this to cause a denial of service.

Notes

AuthorNote
jdstrand
2.6.38 only?
apw
this report and the fix overlapped with each other commit below was
identified as the fix:
64f3b9e203bd06855072e295557dca1485a2ecba

Priority

High

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
hardy Not vulnerable

lucid Not vulnerable

maverick
Released (2.6.35-32.66)
natty
Released (2.6.38-10.44)
oneiric
Released (2.6.39-3.9)
upstream
Released (2.6.39)
Patches:
Introduced by

4a94445c9a5cf5461fb41d80040033b9a8e2a85a

Fixed by 64f3b9e203bd06855072e295557dca1485a2ecba
linux-ec2
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Not vulnerable

maverick Ignored
(end of life)
natty Does not exist

oneiric Does not exist

upstream
Released (2.6.39)
linux-fsl-imx51
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Not vulnerable

maverick Does not exist

natty Does not exist

oneiric Does not exist

upstream
Released (2.6.39)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid
Released (2.6.35-32.66~lucid1)
maverick Does not exist

natty Does not exist

oneiric Does not exist

upstream
Released (2.6.39)
linux-lts-backport-natty
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid
Released (2.6.38-10.44~lucid1)
maverick Does not exist

natty Does not exist

oneiric Does not exist

upstream
Released (2.6.39)
linux-lts-backport-oneiric
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid
Released (3.0.0-5.6~lucid1)
maverick Does not exist

natty Does not exist

oneiric Does not exist

upstream
Released (2.6.39)
linux-mvl-dove
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Not vulnerable

maverick Not vulnerable

natty Does not exist

oneiric Does not exist

upstream
Released (2.6.39)
linux-ti-omap4
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

maverick
Released (2.6.35-903.31)
natty
Released (2.6.38-1209.22)
oneiric
Released (3.0.0-1200.1)
upstream
Released (2.6.39)