[原文]Linux kernel, and possibly other operating systems, allows remote attackers to read portions of memory via a series of fragmented ICMP packets that generate an ICMP TTL Exceeded response, which includes portions of the memory in the response packet.
Linux Kernel Fragmented ICMP Packet Information Disclosure
Local Access Required,
Remote / Network Access
Loss of Confidentiality
The Linux kernel contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when custom crafted ICMP fragments are sent to the kernel, which will trigger an ICMP TTL exceeded error packet containing data from memory in response. This will disclose information in memory, resulting in a loss of confidentiality.
Upgrade to a kernel version of 2.2.19, 2.4.0 mainline, or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by applying the vendor-supplied patch.