SB2003072401 - Missing release of memory after effective lifetime in Linux kernel
Published: July 24, 2003
Description
This security bulletin contains information about 1 security vulnerability.
1) Missing release of memory after effective lifetime (CVE-ID: CVE-2003-0418)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The Linux 2.0 kernel IP stack does not properly calculate the size of an ICMP citation (the part of the original packet quoted in an ICMP error message), which causes it to include portions of unauthorized memory in ICMP error responses.
Remediation
Install the update from the vendor's website.