Denial of Service Vulnerability in Linux with NAT Enabled
CVE-1999-1339

Currently unrated

Key Information:

Vendor: Linux
Status: Linux Kernel; FreeBSD
Vendor: CVE Published:; 31 December 1999

Summary

A vulnerability exists in Linux 2.2.10 and earlier versions that use Network Address Translation (NAT) with ipchains, as well as in FreeBSD 3.2 utilizing ipfw. This flaw allows remote attackers to trigger a kernel panic through the use of the ping -R (record route) command, which can result in a denial of service. Exploiting this vulnerability could disrupt service by crashing the affected system, making it temporarily or permanently unavailable.

References

http://www.kernel.org/pub/linux/kernel/v2.2/patch-2.2.11.gz

x_refsource_CONFIRM

http://marc.info/?l=bugtraq&m=93277426802802&w=2

mailing-listx_refsource_BUGTRAQ

http://www.osvdb.org/6105

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability Reserved
Aug 31, 2001
Vulnerability published
Dec 31, 1999