#VU100006 Improper authorization in Linux kernel - CVE-2001-0851
Published: December 6, 2001 / Updated: October 10, 2017
Vulnerability identifier: #VU100006
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2001-0851
CWE-ID: CWE-285
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation
Description
The vulnerability allows a remote unauthenticated attacker to gain access to sensitive information.
Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute-force guessing the cookie.
Remediation
Install the update from the vendor's repository.
External links
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000432
- http://www.caldera.com/support/security/advisories/CSSA-2001-038.0.txt
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-082.php3
- http://www.linuxsecurity.com/advisories/other_advisory-1683.html
- http://www.novell.com/linux/security/advisories/2001_039_kernel2_txt.html
- http://www.redhat.com/support/errata/RHSA-2001-142.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7461