Insufficient verification of data authenticity in Linux kernel - CVE-2005-3272
Published: October 21, 2005 / Updated: October 3, 2018
Vulnerability identifier: #VU99919
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2005-3272
CWE-ID: CWE-345
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to corrupt data.
Linux kernel before 2.6.12 allows remote attackers to poison the bridge forwarding table using frames that have already been dropped by filtering, which can cause the bridge to forward spoofed packets.
How to mitigate CVE-2005-3272
Install update from vendor's repository.
Sources
- http://linux.bkbits.net:8080/linux-2.6/cset@429a310bRFOXOmZvKaGXW8A5Qd9F1A
- http://secunia.com/advisories/18056
- http://secunia.com/advisories/20237
- http://secunia.com/advisories/21745
- http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm
- http://www.debian.org/security/2005/dsa-922
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:025
- http://www.redhat.com/support/errata/RHSA-2006-0493.html
- http://www.securityfocus.com/bid/15536
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10157
- https://usn.ubuntu.com/219-1/