Candidate: CVE-2003-0550 References: REDHAT:RHSA-2003:238 URL:http://www.redhat.com/support/errata/RHSA-2003-238.html DEBIAN:DSA-358 URL:http://www.debian.org/security/2004/dsa-358 DEBIAN:DSA-423 URL:http://www.debian.org/security/2004/dsa-423 OVAL:OVAL380 URL:http://oval.mitre.org/oval/definitions/data/oval380.html Description: The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology. Notes: Bugs: upstream: released (2.4.22-pre3) linux-2.6: N/A 2.6.8-sarge-security: N/A 2.4.27-sarge-security: N/A 2.4.19-woody-security: released (2.4.19-4.woody3) 2.4.18-woody-security: released (2.4.18-10) 2.4.17-woody-security: released (2.4.17-1woody4) 2.4.16-woody-security: released (2.4.16-1woody3) 2.4.17-woody-security-hppa: released (32.5) 2.4.17-woody-security-ia64: released (011226.14.1) 2.4.18-woody-security-hppa: released (62.4)