CVE-2011-1927
Published: 18 May 2011
The ip_expire function in net/ipv4/ip_fragment.c in the Linux kernel before 2.6.39 does not properly construct ICMP_TIME_EXCEEDED packets after a timeout, which allows remote attackers to cause a denial of service (invalid pointer dereference) via crafted fragmented packets.
From the Ubuntu Security Team
Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel's handling of IPv4 icmp packets. A remote user could exploit this to cause a denial of service.
Notes
| Author | Note |
|---|---|
| jdstrand | 2.6.38 only? |
| apw | this report and the fix overlapped with each other commit below was identified as the fix: 64f3b9e203bd06855072e295557dca1485a2ecba |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
hardy |
Not vulnerable
|
| lucid |
Not vulnerable
|
|
| maverick |
Released
(2.6.35-32.66)
|
|
| natty |
Released
(2.6.38-10.44)
|
|
| oneiric |
Released
(2.6.39-3.9)
|
|
| upstream |
Released
(2.6.39)
|
|
|
Patches: Introduced by 4a94445c9a5cf5461fb41d80040033b9a8e2a85a |
||
|
linux-ec2 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Not vulnerable
|
|
| maverick |
Ignored
(end of life)
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| upstream |
Released
(2.6.39)
|
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Not vulnerable
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| upstream |
Released
(2.6.39)
|
|
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Released
(2.6.35-32.66~lucid1)
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| upstream |
Released
(2.6.39)
|
|
|
linux-lts-backport-natty Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Released
(2.6.38-10.44~lucid1)
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| upstream |
Released
(2.6.39)
|
|
|
linux-lts-backport-oneiric Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Released
(3.0.0-5.6~lucid1)
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| upstream |
Released
(2.6.39)
|
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Not vulnerable
|
|
| maverick |
Not vulnerable
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| upstream |
Released
(2.6.39)
|
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Does not exist
|
|
| maverick |
Released
(2.6.35-903.31)
|
|
| natty |
Released
(2.6.38-1209.22)
|
|
| oneiric |
Released
(3.0.0-1200.1)
|
|
| upstream |
Released
(2.6.39)
|
|
References
- http://seclists.org/bugtraq/2011/May/123
- http://packetstormsecurity.org/files/view/101475/linux2638-null.txt
- http://marc.info/?l=linux-netdev&m=130558001727019&w=2
- https://ubuntu.com/security/notices/USN-1167-1
- https://ubuntu.com/security/notices/USN-1379-1
- https://ubuntu.com/security/notices/USN-1383-1
- https://ubuntu.com/security/notices/USN-1387-1
- https://ubuntu.com/security/notices/USN-1394-1
- https://www.cve.org/CVERecord?id=CVE-2011-1927
- NVD
- Launchpad
- Debian