CVE-2011-2699

The IPv6 implementation in the Linux kernel before 3.1 does not generate Fragment Identification values separately for each destination, which makes it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets.

From the Ubuntu Security Team

Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service.

• How can I get the fixes?
• What do statuses mean?
• Patch details

References

• MITRE
• NVD
• Launchpad
• Debian

Related Ubuntu Security Notices (USN)

• USN-1219-1
• Linux kernel (Maverick backport) vulnerabilities
• 29 September 2011
• USN-1253-1
• Linux kernel vulnerabilities
• 8 November 2011
• USN-1202-1
• Linux kernel (OMAP4) vulnerabilities
• 13 September 2011
• USN-1239-1
• Linux kernel (EC2) vulnerabilities
• 25 October 2011
• USN-1211-1
• Linux kernel vulnerabilities
• 21 September 2011
• USN-1227-1
• Linux kernel vulnerabilities
• 11 October 2011
• USN-1240-1
• Linux kernel (Marvell DOVE) vulnerabilities
• 25 October 2011
• USN-1204-1
• Linux kernel (i.MX51) vulnerabilities
• 13 September 2011
• USN-1256-1
• Linux kernel (Natty backport) vulnerabilities
• 9 November 2011
• USN-1245-1
• Linux kernel (Marvell DOVE) vulnerabilities
• 25 October 2011
• USN-1225-1
• Linux kernel vulnerabilities
• 4 October 2011
• USN-1212-1
• Linux kernel (OMAP4) vulnerabilities
• 21 September 2011

Other references

• https://www.cve.org/CVERecord?id=CVE-2011-2699