| Vulnerability Name: | CVE-2001-0323 (CCN-5975) | ||||||||
| Assigned: | 2001-01-15 | ||||||||
| Published: | 2001-01-15 | ||||||||
| Updated: | 2017-12-19 | ||||||||
| Summary: | The ICMP path MTU (PMTU) discovery feature in various UNIX systems allows remote attackers to cause a denial of service by spoofing "ICMP Fragmentation needed but Don't Fragment (DF) set" packets between two target hosts, which could cause one host to lower its MTU when transmitting to the other host. | ||||||||
| CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Mon Jan 15 2001 - 00:15:48 CST ICMP fragmentation required but DF set problems. Source: MITRE Type: CNA CVE-2001-0323 Source: BUGTRAQ Type: UNKNOWN 20010115 ICMP fragmentation required but DF set problems. Source: MANDRIVA Type: UNKNOWN MDVSA-2013:150 Source: CCN Type: Oracle Critical Patch Update Advisory - July 2012 Oracle Critical Patch Update Advisory - July 2012 Source: CONFIRM Type: UNKNOWN http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html Source: CCN Type: OSVDB ID: 8816 Multiple Vendor ICMP Path MTU Discovery Spoofing DoS Source: CCN Type: SecuriTeam Mailing List, SecurityNews 15 Jan 2001 New Denial of Service attack exploits special ICMP flags Source: XF Type: UNKNOWN icmp-pmtu-dos(5975) Source: XF Type: UNKNOWN icmp-pmtu-dos(5975) | ||||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||