Vulnerability Description
The Linux 2.0 kernel IP stack does not properly calculate the size of an ICMP citation, which causes it to include portions of unauthorized memory in ICMP error responses.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | 2.0 |
References
- http://marc.info/?l=bugtraq&m=105519179005065&w=2
- http://www.cartel-securite.fr/pbiondi/adv/CARTSA-20030314-icmpleak.txtExploitPatchVendor Advisory
- http://www.kb.cert.org/vuls/id/471084PatchThird Party AdvisoryUS Government Resource
- http://marc.info/?l=bugtraq&m=105519179005065&w=2
- http://www.cartel-securite.fr/pbiondi/adv/CARTSA-20030314-icmpleak.txtExploitPatchVendor Advisory
- http://www.kb.cert.org/vuls/id/471084PatchThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2003-0418?
CVE-2003-0418 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Linux 2.0 kernel IP stack does not properly calculate the size of an ICMP citation, which causes it to include portions of unauthorized memory in ICMP error responses.
How severe is CVE-2003-0418?
CVE-2003-0418 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-0418?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.