Main Vulnerability Database SB2001123101

SB2001123101 - Improper input validation in Linux kernel

Published: December 31, 2001

Security Bulletin ID SB2001123101

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Improper input validation (CVE-ID: CVE-2001-1572)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The MAC module in Netfilter in Linux kernel 2.4.1 through 2.4.11, when configured to filter based on MAC addresses, allows remote attackers to bypass packet filters via small packets.

Remediation

Install update from vendor's website.

References

http://archives.neohapsis.com/archives/bugtraq/2001-10/0057.html
http://www.iss.net/security_center/static/7267.php
http://www.securityfocus.com/bid/3418