Insufficient verification of data authenticity in Linux kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2000-0289 |
| CWE-ID | CWE-345 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Insufficient verification of data authenticity
EUVDB-ID: #VU100011
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2000-0289
CWE-ID:
CWE-345 - Insufficient Verification of Data Authenticity
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
IP masquerading in Linux 2.2.x allows remote attackers to route UDP packets through the internal interface by modifying the external source IP address and port number to match those of an established connection.
MitigationInstall update from vendor's repository.
Vulnerable software versionsLinux kernel: All versions
CPE2.3 External linkshttps://archives.neohapsis.com/archives/bugtraq/2000-03/0284.html
https://www.novell.com/linux/security/advisories/suse_security_announce_48.html
https://www.securityfocus.com/bid/1078
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
