BID:2247

Multiple Linux Vendor Zero-Length Fragment Vulnerability

Info

Multiple Linux Vendor Zero-Length Fragment Vulnerability

Bugtraq ID:	2247
Class:	Serialization Error
CVE:	CVE-1999-0431
Remote:	Yes
Local:	Yes
Published:	Dec 08 1997 12:00AM
Updated:	Jul 11 2009 04:46AM
Credit:	Posted to BugTraq on March 24, 1999 by John McDonald < [email protected] >
Vulnerable:	Linux kernel 2.2.17 + Mandriva Linux Mandrake 7.2 + SuSE Linux 7.0 + Trustix Secure Linux 1.2 Linux kernel 2.2.16 pre6 Linux kernel 2.2.16 + Redhat Linux 7.0 + Sun Cobalt Qube 3 + Sun Cobalt RaQ XTR + Trustix Secure Linux 1.1 Linux kernel 2.2.15 pre20 Linux kernel 2.2.15 pre16 Linux kernel 2.2.15 + MandrakeSoft Corporate Server 1.0.1 + Mandriva Linux Mandrake 7.1 Linux kernel 2.2.14 + Redhat Linux 6.2 + SCO eDesktop 2.4 + SCO eServer 2.3.1 + Sun Cobalt RaQ 4 Linux kernel 2.2.13 + SuSE Linux 6.4 + SuSE Linux 6.3 Linux kernel 2.2.12 Linux kernel 2.2.10 + Caldera OpenLinux 2.3 Linux kernel 2.2.3 Linux kernel 2.2 Linux kernel 2.1.89

Not Vulnerable:	Linux kernel 2.3.99 Linux kernel 2.3 .x Linux kernel 2.3 Linux kernel 2.2.4

Discussion

Multiple Linux Vendor Zero-Length Fragment Vulnerability

Linux kernel versions 2.1.89 to 2.2.3 are vulnerable to a denial of service attack caused when a 0-length IP fragment is received, if it is the first fragment in the list. Several thousands 0-length packets must be sent in order for this to initiate a denial of service against the target.

Exploit / POC

Multiple Linux Vendor Zero-Length Fragment Vulnerability

An exploit has been made available.

/data/vulnerabilities/exploits/sesquipedalian.c

References

Multiple Linux Vendor Zero-Length Fragment Vulnerability

References: