A fingerprinting threat has been reported in some versions of the 2.4 Linux kernel IP stack implementation. UDP packets are transmitted with a constant IP Identification field of 0.


An attacker may be able to exploit this weakness to discover the operating system and approximate kernel version of the vulnerable system. The ability to fingerprint operating systems based on minor differences in network implementations is well known, and not limited to Linux based systems.

Remote: Yes

Exploit: No

Source: http://www.xatrix.org/modules.php?op...thread&order=1