Improper authorization in Linux kernel - CVE-2001-0851
Published: December 6, 2001 / Updated: October 10, 2017
Vulnerability identifier: #VU100006
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2001-0851
CWE-ID: CWE-285
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Detailed vulnerability description
The vulnerability allows a remote, unauthenticated attacker to gain access to sensitive information.
Linux kernel versions 2.0, 2.2 and 2.4 with syncookies enabled allow remote attackers to bypass firewall rules by brute-force guessing the cookie.
How to mitigate CVE-2001-0851
Install the update from the vendor's repository.
Sources
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000432
- http://www.caldera.com/support/security/advisories/CSSA-2001-038.0.txt
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-082.php3
- http://www.linuxsecurity.com/advisories/other_advisory-1683.html
- http://www.novell.com/linux/security/advisories/2001_039_kernel2_txt.html
- http://www.redhat.com/support/errata/RHSA-2001-142.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7461