Plugin #11704 says:
"The remote host is vulnerable to an 'icmp leak' - when it receive a packet that raise an ICMP error packet (except ICMP destination unreachable), the ICMP packet is supposed to contain the original message.
Due to a bug in the remote TCP/IP stack, it will also contain fragments of the content of the remote kernel memory.
An attacker may use this flaw to remotely sniff what is going on into the host's memory, especially network packets that it sees, and obtain useful information such as POP passwords, HTTP authentication fields, and so on.
Solution : Contact your vendor for a fix. If the remote host is running
Linux 2.0, upgrade to Linux 2.0.40.
See also : http://www.cartel-securite.fr/pbiondi/adv/CARTSA-20030314-icmpleak
http://www.kb.cert.org/vuls/id/471084
Risk factor : High"
But this server is running Linux 2.4.19-64GB-SMP #1 SMP!
And plugin #11268 correctly says:
"Remote OS guess : Linux Kernel 2.4.0 - 2.5.20
CVE : CAN-1999-0454"
The really strange thing is that it occurs only on one of my servers, while on all other 11, which are all similar installations, it doesn't occur.
-- Manuel Kiessling
