VULHUB ™

A problem with the generation of ICMP packets by the Linux kernel makes it possible for remote users to gain access to possibly sensitive information. When a vulnerable version of the Linux kernel creates certain ICMP packets, the packet data segment it is padded with arbitrary information retrieved from system memory. The information contained in this padding is from memory that has recently been freed, and under some circumstances may be sensitive data. This problem makes it possible for a remote user to minimally fingerprint a system running a vulnerable kernel, and could lead to the gathering of sensitive information.

A problem with the generation of ICMP packets by the Linux kernel makes it possible for remote users to gain access to possibly sensitive information. When a vulnerable version of the Linux kernel creates certain ICMP packets, the packet data segment it is padded with arbitrary information retrieved from system memory. The information contained in this padding is from memory that has recently been freed, and under some circumstances may be sensitive data. This problem makes it possible for a remote user to minimally fingerprint a system running a vulnerable kernel, and could lead to the gathering of sensitive information.