Lucene search

Gentoo FoundationGLSA-200404-10

HistoryApr 09, 2004 - 12:00 a.m.

iproute local Denial of Service vulnerability

2004-04-0900:00:00

Gentoo Foundation

security.gentoo.org

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

25.9%

JSON

Background

iproute is a set of tools for managing linux network routing and advanced features.

Description

It has been reported that iproute can accept spoofed messages on the kernel netlink interface from local users. This could lead to a local Denial of Service condition.

Impact

Local users could cause a Denial of Service.

Workaround

A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.

Resolution

All iproute users should upgrade to version 20010824-r5 or later:

 # emerge sync

 # emerge -pv "&gt;=sys-apps/iproute-20010824-r5";
 # emerge "&gt;=sys-apps/iproute-20010824-r5";

OSVersionArchitecturePackageVersionFilename
Gentooanyallsys-apps/iproute<= 20010824-r4UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	sys-apps/iproute	<= 20010824-r4	UNKNOWN

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

25.9%

JSON

Related for GLSA-200404-10