CVE
- Id
- 520
- CVE No.
- CVE-1999-0523
- Status
- Candidate
- Description
- ICMP echo (ping) is allowed from arbitrary hosts.
- Phase
- Proposed (19990726)
- Votes
- MODIFY(1) Meunier | NOOP(1) Baker | REJECT(2) Frech, Northcutt
- Comments
- Northcutt> (Though I sympathize with this one :) | CHANGE> [Frech changed vote from REVIEWING to REJECT] | Frech> Ping is a utility that can be run on demand; ICMP echo is a | message | type. As currently worded, this candidate seems as if an arbitrary | host | is vulnerable because it is capable of running an arbitrary program | or | function (in this case, ping/ICMP echo). There are many | programs/functions that | "shouldn"t" be on a computer, from a security admin"s perspective. | Even if this | were a vulnerability, it would be impacted by CD-HIGHCARD. | Meunier> Every ICMP message type presents a vulnerability or an | exposure, if access is not controlled. By that I mean not only those | in RFC 792, but also those in RFC 1256, 950, and more. I think that | the description should be changed to "ICMP messages are acted upon | without any access control". ICMP is an error and debugging protocol. | We complain about vendors leaving testing backdoors in their programs. | ICMP is the equivalent for TCP/IP. ICMP should be in the dog house, | unless you are trying to troubleshoot something. MTU discovery is | just a performance tweak -- it"s not necessary. I don"t know of any | ICMP message type that is necessary if the network is functional. | Limited logging of ICMP messages could be useful, but acting upon them | and allowing the modification of routing tables, the behavior of the | TCP/IP stack, etc... without any form of authentication is just crazy.
