CVE-2001-0323 - The ICMP path MTU (PMTU) discovery feature in various UNIX systems allows remote attackers to cause

CVE-2001-0323

Summary

The ICMP path MTU (PMTU) discovery feature in various UNIX systems allows remote attackers to cause a denial of service by spoofing "ICMP Fragmentation needed but Don't Fragment (DF) set" packets between two target hosts, which could cause one host to lower its MTU when transmitting to the other host.

References

http://marc.info/?l=bugtraq&m=97958349623450&w=2
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/5975

Vulnerable Configurations

CVSS

Base:	6.4 (as of 19-12-2017 - 02:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:P/A:P

refmap via4

bugtraq	20010115 ICMP fragmentation required but DF set problems.
confirm	http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
mandriva	MDVSA-2013:150
xf	icmp-pmtu-dos(5975)

Last major update

19-12-2017 - 02:29

Published

02-06-2001 - 04:00

Last modified

19-12-2017 - 02:29