Vulnerability Name:

CVE-2000-0289 (CCN-4233)

Assigned:2000-03-27
Published:2000-03-27
Updated:2008-09-10
Summary:IP masquerading in Linux 2.2.x allows remote attackers to route UDP packets through the internal interface by modifying the external source IP address and port number to match those of an established connection.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Data Manipulation
References:Source: BUGTRAQ
Type: Exploit, Vendor Advisory
20000327 Security Problems with Linux 2.2.x IP Masquerading

Source: CCN
Type: BugTraq Mailing List, Mon Mar 27 2000 - 23:31:41 CST
Security Problems with Linux 2.2.x IP Masquerading

Source: MITRE
Type: CNA
CVE-2000-0289

Source: CCN
Type: US-CERT VU#24140
Linux kernel IP Masquerading "destination loose" (DLOOSE) configuration passes arbitrary UDP traffic

Source: SUSE
Type: UNKNOWN
20000520 Security hole in kernel < 2.2.15

Source: BID
Type: Exploit, Patch, Vendor Advisory
1078

Source: CCN
Type: BID-1078
Multiple Linux Vendor 2.2.x Kernel IP Masquerading Vulnerabilities

Source: XF
Type: UNKNOWN
linux-ip-masquerading(4233)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:debian:debian_linux:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:2.2:*:pre_potato:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.10:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.12:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.14:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.0:*:alpha:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.0:*:i386:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.0:*:sparc:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.1:*:alpha:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.1:*:i386:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.1:*:sparc:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.2:*:i386:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/o:redhat:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.1:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2000-0289 (CCN-4504)

    Assigned:2000-05-17
    Published:2000-05-17
    Updated:2000-05-17
    Summary:The Linux kernel contains a vulnerability in the UDP and FTP masquerading code. A remote user could exploit the masquerading feature to bypass ipchains filter rules and possibly crash the system.
    CVSS v3 Severity:7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): High
    CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): None
    Availibility (A): None
    7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Complete
    Vulnerability Consequences:Denial of Service
    References:Source: MITRE
    Type: CNA
    CVE-2000-0289

    Source: CCN
    Type: BID-1078
    Multiple Linux Vendor 2.2.x Kernel IP Masquerading Vulnerabilities

    Source: CCN
    Type: SuSE Security Announcement #48
    kernel < 2.2.15

    Source: XF
    Type: UNKNOWN
    linux-masquerading-dos(4504)

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:2.2.14:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.10:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.12:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    debian debian linux 2.1
    debian debian linux 2.2
    debian debian linux 2.2
    linux linux kernel 2.2.10
    linux linux kernel 2.2.12
    linux linux kernel 2.2.14
    redhat linux 6.0
    redhat linux 6.0
    redhat linux 6.0
    redhat linux 6.1
    redhat linux 6.1
    redhat linux 6.1
    redhat linux 6.2
    redhat linux *
    debian debian linux *
    linux linux kernel 2.2.1
    linux linux kernel 2.2.14
    linux linux kernel 2.2.10
    linux linux kernel 2.2.12