Main Vulnerability Database Vulnerabilities #VU100011

Insufficient verification of data authenticity in Linux kernel - CVE-2000-0289

Published: March 27, 2000 / Updated: September 10, 2008

Vulnerability identifier: #VU100011

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2000-0289

CWE-ID: CWE-345

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Linux Foundation

Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

IP masquerading in Linux 2.2.x allows remote attackers to route UDP packets through the internal interface by modifying the external source IP address and port number to match those of an established connection.

How to mitigate CVE-2000-0289

Install update from vendor's repository.

Sources

http://archives.neohapsis.com/archives/bugtraq/2000-03/0284.html
http://www.novell.com/linux/security/advisories/suse_security_announce_48.html
http://www.securityfocus.com/bid/1078

Insufficient verification of data authenticity in Linux kernel - CVE-2000-0289

Detailed vulnerability description

How to mitigate CVE-2000-0289

Sources

Please verify you're human