CVE-2011-1927

Published: 18 May 2011

The ip_expire function in net/ipv4/ip_fragment.c in the Linux kernel before 2.6.39 does not properly construct ICMP_TIME_EXCEEDED packets after a timeout, which allows remote attackers to cause a denial of service (invalid pointer dereference) via crafted fragmented packets.

From the Ubuntu security team

Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel's handling of IPv4 icmp packets. A remote user could exploit this to cause a denial of service.

Priority

High

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.39)
Patches:
Introduced by 4a94445c9a5cf5461fb41d80040033b9a8e2a85a
Fixed by 64f3b9e203bd06855072e295557dca1485a2ecba
linux-ec2
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.39)
linux-fsl-imx51
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.39)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.39)
linux-lts-backport-natty
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.39)
linux-lts-backport-oneiric
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.39)
linux-mvl-dove
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.39)
linux-ti-omap4
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.39)