CVE-2010-2529 — inetutils - denial of service

Description

Unspecified vulnerability in ping.c in iputils 20020927, 20070202, 20071127, and 20100214 on Mandriva Linux allows remote attackers to cause a denial of service (hang) via a crafted echo response.

How to fix CVE-2010-2529

To remediate CVE-2010-2529, upgrade the affected package to a fixed version below.

Debian/inetutils—upgrade to 2:1.9-2 or later
Debian/inetutils—upgrade to 2:1.6-3.1+squeeze2 or later
Debian/iputils—upgrade to 3:20100418-2 or later

Is CVE-2010-2529 being exploited?

Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

from 0, < 2:1.9-2
from 0, < 2:1.6-3.1+squeeze2
from 0, < 3:20100418-2

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2010-2529