From the Linux.com weekly security update - February 10, 2006:
The Linux kernels 2.6.12 through 2.6.15.2 are vulnerable to a Denial of Service (DoS) attack. The problem lies in the ip_options_echo() function in icmp.c, which fails when the kernel responds to an ICMP packet -- i.e., a ping.
The problem has already been fixed in the 2.6.15.3 kernel with a short patch that only applies to net/ipv4/icmp.c, and should not affect any other functions. The turnaround for the patch was very quick, less than one day, though the vulnerability has been present (if undetected) since the 2.6.12 kernel was released last year.
According to the description of the discovery, this is not an easy to exploit vulnerability. However, users should still upgrade their kernel as soon as a new kernel is available from the vendor.
The Linux kernels 2.6.12 through 2.6.15.2 are vulnerable to a Denial of Service (DoS) attack. The problem lies in the ip_options_echo() function in icmp.c, which fails when the kernel responds to an ICMP packet -- i.e., a ping.
The problem has already been fixed in the 2.6.15.3 kernel with a short patch that only applies to net/ipv4/icmp.c, and should not affect any other functions. The turnaround for the patch was very quick, less than one day, though the vulnerability has been present (if undetected) since the 2.6.12 kernel was released last year.
According to the description of the discovery, this is not an easy to exploit vulnerability. However, users should still upgrade their kernel as soon as a new kernel is available from the vendor.
16 Dec 2006 07:40:08
how can i exploit it?