CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS
Percentile
87.3%
The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1
use a modified MD4 algorithm to generate sequence numbers and Fragment
Identification values, which makes it easier for remote attackers to cause
a denial of service (disrupted networking) or hijack network sessions by
predicting these values and sending crafted packets.
Author | Note |
---|---|
jdstrand | http://git.kernel.org/linus/bc0b96b54a21246e377122d54569eef71cec535f http://git.kernel.org/linus/6e5714eaf77d79ae1c8b47e3e040ff5411b717ec |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 8.04 | noarch | linux | < 2.6.24-29.95 | UNKNOWN |
ubuntu | 10.04 | noarch | linux | < 2.6.32-35.78 | UNKNOWN |
ubuntu | 10.10 | noarch | linux | < 2.6.35-30.61 | UNKNOWN |
ubuntu | 11.04 | noarch | linux | < 2.6.38-12.51 | UNKNOWN |
ubuntu | 10.04 | noarch | linux-ec2 | < 2.6.32-319.39 | UNKNOWN |
ubuntu | 10.04 | noarch | linux-fsl-imx51 | < 2.6.31-611.29 | UNKNOWN |
ubuntu | 10.04 | noarch | linux-lts-backport-maverick | < 2.6.35-30.61~lucid1 | UNKNOWN |
ubuntu | 10.04 | noarch | linux-lts-backport-natty | < 2.6.38-12.51~lucid1 | UNKNOWN |
ubuntu | 10.04 | noarch | linux-mvl-dove | < 2.6.32-219.37 | UNKNOWN |
ubuntu | 10.10 | noarch | linux-mvl-dove | < 2.6.32-419.37 | UNKNOWN |
lwn.net/Articles/455135/
www.openwall.com/lists/oss-security/2011/08/23/2
launchpad.net/bugs/cve/CVE-2011-3188
nvd.nist.gov/vuln/detail/CVE-2011-3188
security-tracker.debian.org/tracker/CVE-2011-3188
ubuntu.com/security/notices/USN-1220-1
ubuntu.com/security/notices/USN-1228-1
ubuntu.com/security/notices/USN-1236-1
ubuntu.com/security/notices/USN-1239-1
ubuntu.com/security/notices/USN-1240-1
ubuntu.com/security/notices/USN-1241-1
ubuntu.com/security/notices/USN-1242-1
ubuntu.com/security/notices/USN-1243-1
ubuntu.com/security/notices/USN-1245-1
ubuntu.com/security/notices/USN-1246-1
ubuntu.com/security/notices/USN-1253-1
ubuntu.com/security/notices/USN-1256-1
www.cve.org/CVERecord?id=CVE-2011-3188
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS
Percentile
87.3%