Main Vulnerability Database Vulnerabilities #VU100011

#VU100011 Insufficient verification of data authenticity in Linux kernel - CVE-2000-0289

Published: March 27, 2000 / Updated: September 10, 2008

Vulnerability identifier: #VU100011

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2000-0289

CWE-ID: CWE-345

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Linux kernel

Software vendor:
Linux Foundation

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

IP masquerading in Linux 2.2.x allows remote attackers to route UDP packets through the internal interface by modifying the external source IP address and port number to match those of an established connection.

Remediation

Install update from vendor's repository.

External links

http://archives.neohapsis.com/archives/bugtraq/2000-03/0284.html
http://www.novell.com/linux/security/advisories/suse_security_announce_48.html
http://www.securityfocus.com/bid/1078