| Revision Date: | 2003-11-12 | Version: | 502 |
| Title: | RHSA-2003:317: iproute security update (Low) |
| Description: | The iproute package contains advanced IP routing and network device configuration tools.
Herbert Xu reported that iproute can accept spoofed messages sent on the kernel netlink interface by other users on the local machine. This could lead to a local denial of service attack. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0856 to this issue. Users of iproute should upgrade to these erratum packages, which contain a patch that checks that netlink messages actually came from the kernel.
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | CVE-2003-0856
RHSA-2003:317-01
|
| Platform(s): | Red Hat Enterprise Linux 3
| Product(s): | |
| Definition Synopsis |
| Red Hat Enterprise Linux 3 is installed AND iproute is earlier than 0:2.4.7-11.30E.1
AND iproute is signed with Red Hat master key
|