blob: 44f10428962c896610f89f0ac2a9d27a0343fbcb (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
Candidate: CVE-2003-0187
References:
http://marc.theaimsgroup.com/?l=bugtraq&m=105986028426824&w=2
http://oval.mitre.org/oval/definitions/data/oval260.html
Description:
The connection tracking core of Netfilter for Linux 2.4.20, with
CONFIG_IP_NF_CONNTRACK enabled or the ip_conntrack module loaded, allows remote
attackers to cause a denial of service (resource consumption) due to an
inconsistency with Linux 2.4.20's support of linked lists, which causes
Netfilter to fail to identify connections with an UNCONFIRMED status and
use large timeouts.
Notes:
This was fixed before 2.6.0:
http://linux.bkbits.net:8080/linux-2.6/cset@3e631f9evO15b8EcYa8btEi07F2mYQ?nav=index.html|src/|src/include|src/include/linux|src/include/linux/netfilter_ipv4|related/include/linux/netfilter_ipv4/ip_conntrack.h
Bugs:
upstream: released (2.4.21)
linux-2.6: N/A
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.4.19-woody-security: N/A
2.4.18-woody-security: N/A
2.4.17-woody-security: N/A
2.4.16-woody-security: N/A
2.4.17-woody-security-hppa: N/A
2.4.17-woody-security-ia64: N/A
|