#VU100008 Improper access control in Linux kernel - CVE-2001-0405

Cybersecurity Help s.r.o.

Published: 2001-07-02 | Updated: 2024-11-07

Vulnerability identifier: #VU100008

Vulnerability risk: Low

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2001-0405

CWE-ID: CWE-284

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote attackers to bypass access restrictions for an FTP server via a PORT command that lists an arbitrary IP address and port number, which is added to the RELATED table and allowed by the firewall.

Mitigation
Install update from vendor's repository.

Vulnerable software versions

Linux kernel: All versions

External links
https://archives.neohapsis.com/archives/bugtraq/2001-04/0271.html
https://www.linux-mandrake.com/en/security/2001/MDKSA-2001-071.php3
https://www.redhat.com/support/errata/RHSA-2001-052.html
https://www.redhat.com/support/errata/RHSA-2001-084.html
https://www.securityfocus.com/bid/2602
https://exchange.xforce.ibmcloud.com/vulnerabilities/6390

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Improper access control in Linux kernel