SB2005102106 - Insufficient verification of data authenticity in Linux kernel
Published: October 21, 2005
Description
This security bulletin contains information about 1 security vulnerability.
1) Insufficient verification of data authenticity (CVE-ID: CVE-2005-3272)
The vulnerability allows a remote unauthenticated attacker to corrupt data.
Linux kernel before 2.6.12 allows remote attackers to poison the bridge forwarding table using frames that have already been dropped by filtering, which can cause the bridge to forward spoofed packets.
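A minimal model of the flaw described above, added here as an illustration and not taken from the kernel source: a learning bridge that updates its forwarding table before the filter verdict lets a dropped frame rebind a MAC address, while a bridge that learns only from accepted frames does not. The structure and function names, the "drop everything on port 2" policy and the MAC value are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

#define FDB_SIZE 8
#define NO_PORT  (-1)
/* Toy forwarding database: source MAC -> port it was last seen on. */
struct fdb_entry { uint64_t mac; int port; };
struct bridge { struct fdb_entry fdb[FDB_SIZE]; int n; };

static void fdb_learn(struct bridge *br, uint64_t mac, int port) {
    for (int i = 0; i < br->n; i++)
        if (br->fdb[i].mac == mac) { br->fdb[i].port = port; return; }
    if (br->n < FDB_SIZE)
        br->fdb[br->n++] = (struct fdb_entry){ mac, port };
}

int fdb_lookup(const struct bridge *br, uint64_t mac) {
    for (int i = 0; i < br->n; i++)
        if (br->fdb[i].mac == mac) return br->fdb[i].port;
    return NO_PORT;
}

/* Constructed filter policy: drop every frame arriving on port 2. */
static int filter_accepts(int in_port) { return in_port != 2; }
/* Returns 1 if the frame was accepted, 0 if the filter dropped it. */
int bridge_rx(struct bridge *br, uint64_t src, int in_port, int learn_before_filter) {
    if (learn_before_filter)
        fdb_learn(br, src, in_port);   /* flawed order: dropped frames still update the table */
    if (!filter_accepts(in_port))
        return 0;
    if (!learn_before_filter)
        fdb_learn(br, src, in_port);   /* corrected order: only accepted frames are learned */
    return 1;
}

/* Port the table maps `host` to after a filtered frame on port 2 reuses host's MAC. */
int port_after_spoof(int learn_before_filter) {
    struct bridge br = { .n = 0 };
    const uint64_t host = 0x02000000000aULL;       /* constructed MAC */
    bridge_rx(&br, host, 1, learn_before_filter);  /* legitimate frame on port 1 */
    bridge_rx(&br, host, 2, learn_before_filter);  /* filtered frame, same source MAC */
    return fdb_lookup(&br, host);
}

int main(void) {
    printf("learn before filter: port %d\n", port_after_spoof(1));
    printf("learn after filter:  port %d\n", port_after_spoof(0));
    return 0;
}
```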
Remediation
Install the update from the vendor's website.
References
- http://linux.bkbits.net:8080/linux-2.6/cset@429a310bRFOXOmZvKaGXW8A5Qd9F1A
- http://secunia.com/advisories/18056
- http://secunia.com/advisories/20237
- http://secunia.com/advisories/21745
- http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm
- http://www.debian.org/security/2005/dsa-922
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:025
- http://www.redhat.com/support/errata/RHSA-2006-0493.html
- http://www.securityfocus.com/bid/15536
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10157
- https://usn.ubuntu.com/219-1/