Main Vulnerability Database Vulnerabilities #VU100013

Resource exhaustion in Linux kernel - CVE-1999-1339

Published: December 31, 1999 / Updated: October 18, 2016

Vulnerability identifier: #VU100013

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-1999-1339

CWE-ID: CWE-400

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Linux Foundation

Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Vulnerability when Network Address Translation (NAT) is enabled in Linux 2.2.10 and earlier with ipchains, or FreeBSD 3.2 with ipfw, allows remote attackers to cause a denial of service (kernel panic) via a ping -R (record route) command.

How to mitigate CVE-1999-1339

Install update from vendor's repository.

Sources

http://marc.info/?l=bugtraq&m=93277426802802&w=2
http://marc.info/?l=bugtraq&m=93277766505061&w=2
http://www.iss.net/security_center/static/7257.php
http://www.kernel.org/pub/linux/kernel/v2.2/patch-2.2.11.gz
http://www.osvdb.org/6105

Resource exhaustion in Linux kernel - CVE-1999-1339

Detailed vulnerability description

How to mitigate CVE-1999-1339

Sources

Please verify you're human