Vulnerability CVE-1999-0128


Published: 1996-12-18   Modified: 2012-02-12

Description:
Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death.

Vendor: SUN
Product: Sunos 
Version:
5.5.1
5.5
5.4
Vendor: SCO
Product: Openserver 
Version: 5.0.2; 5.0;
Product: Open desktop 
Version: 3.0;
Product: Tcp ip 
Version: 1.2.1;
Product: Internet faststart 
Version: 1.1; 1.0;
Vendor: IBM
Product: AIX 
Version:
4.2
4.1
3.2
Product: SNG 
Version: 2.2; 2.1;
Vendor: Linux
Product: Linux kernel 
Version: 2.0; 1.3.0;
Vendor: Digital
Product: Osf 1 
Version: 1.3.3;

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

Related CVE
CVE-2002-1127
Buffer overflow in uucp in Compaq Tru64/OSF1 3.x allows local users to execute arbitrary code via a long source (-s) command line parameter.
CVE-2002-1128
Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows local users to execute arbitrary code via a long MH environment variable.
CVE-2002-1129
Buffer overflow in dxterm allows local users to execute arbitrary code via a long -xrm argument.
CVE-2001-0369
Buffer overflow in lpsched on DGUX version R4.20MU06 and MU02 allows a local attacker to obtain root access via a long command line argument (non-existent printer name).
CVE-2001-0134
Buffer overflow in cpqlogin.htm in web-enabled agents for various Compaq management software products such as Insight Manager and Management Agents allows remote attackers to execute arbitrary commands via a long user name.
CVE-2000-0845
kdebug daemon (kdebugd) in Digital Unix 4.0F allows remote attackers to read arbitrary files by specifying the full file name in the initialization packet.
CVE-2000-0314
traceroute in NetBSD 1.3.3 and Linux systems allows local users to flood other systems by providing traceroute with a large waittime (-w) option, which is not parsed properly and sets the time delay for sending packets to zero.
CVE-2000-0315
traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged users to modify the source address of the packets, which could be used in spoofing attacks.

Copyright 2019, cxsecurity.com

 

Back to Top