CVE-2011-2699 - Monoacid Diagnoses

Description

The IPv6 implementation in the Linux kernel before 3.1 does not generate Fragment Identification values separately for each destination which makes it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=87c48fa3b4630905f98268dde838ee43626a060c https://bugzilla.redhat.com/show_bug.cgi?id=723429 http://www.openwall.com/lists/oss-security/2011/07/20/5 https://github.com/torvalds/linux/commit/87c48fa3b4630905f98268dde838ee43626a060c http://www.securitytracker.com/id?1027274 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

7.5