CVE-2011-2699

HIGH

Description

The IPv6 implementation in the Linux kernel before 3.1 does not generate Fragment Identification values separately for each destination, which makes it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets.

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=87c48fa3b4630905f98268dde838ee43626a060c

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

http://www.openwall.com/lists/oss-security/2011/07/20/5

http://www.securitytracker.com/id?1027274

https://bugzilla.redhat.com/show_bug.cgi?id=723429

https://github.com/torvalds/linux/commit/87c48fa3b4630905f98268dde838ee43626a060c

Details

Source: MITRE

Published: 2012-05-24

Updated: 2013-10-11

Risk Information

CVSS v2.0

Base Score: 7.8

Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C)

Impact Score: 6.9

Exploitability Score: 10

Severity: HIGH