Main Vulnerability Database Vulnerabilities #VU99961

Missing release of memory after effective lifetime in Linux kernel - CVE-2003-0418

Published: July 24, 2003 / Updated: October 18, 2016

Vulnerability identifier: #VU99961

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2003-0418

CWE-ID: CWE-401

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Linux Foundation

Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The Linux 2.0 kernel IP stack does not properly calculate the size of an ICMP citation, which causes it to include portions of unauthorized memory in ICMP error responses.

How to mitigate CVE-2003-0418

Install update from vendor's repository.

Sources

http://marc.info/?l=bugtraq&m=105519179005065&w=2
http://www.cartel-securite.fr/pbiondi/adv/CARTSA-20030314-icmpleak.txt
http://www.kb.cert.org/vuls/id/471084

Missing release of memory after effective lifetime in Linux kernel - CVE-2003-0418

Detailed vulnerability description

How to mitigate CVE-2003-0418

Sources

Please verify you're human