Improper removal of sensitive information before storage or transfer in Linux kernel - CVE-2002-0704
Published: July 26, 2002 / Updated: February 3, 2024
Vulnerability identifier: #VU95776
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2002-0704
CWE-ID: CWE-212
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The Network Address Translation (NAT) capability for Netfilter ('iptables') 1.2.6a and earlier leaks translated IP addresses in ICMP error messages.
How to mitigate CVE-2002-0704
Install update from vendor's repository.
Sources
- http://www.redhat.com/support/errata/RHSA-2002-086.html
- http://www.iss.net/security_center/static/9043.php
- http://www.securityfocus.com/bid/4699
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-030.php
- http://online.securityfocus.com/advisories/4116
- http://marc.info/?l=bugtraq&m=102088521517722&w=2