Vulnerability Name:

CVE-2001-1388 (CCN-7489)

Assigned:2001-10-30
Published:2001-10-30
Updated:2021-02-02
Summary:iptables before 1.2.4 does not accurately convert rate limits that are specified on the command line, which could allow attackers or users to generate more or less traffic than intended by the administrator.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-770
Vulnerability Consequences:Bypass Security
References:Source: CCN
Type: Red Hat Bugzilla Bug 42990
iptables-save: -c option causing problems as of 1.2.2-1.i386

Source: CONFIRM
Type: Exploit, Issue Tracking, Patch, Third Party Advisory
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=53325

Source: MITRE
Type: CNA
CVE-2001-1387

Source: MITRE
Type: CNA
CVE-2001-1388

Source: CCN
Type: RHSA-2001-144
Updated iptables packages are available

Source: REDHAT
Type: Broken Link
RHSA-2001:144

Source: CCN
Type: BID-3520
RedHat Linux IPTables Save Option Unrestorable Rules Vulnerability

Source: XF
Type: UNKNOWN
iptables-save-files-option(7489)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:netfilter:iptables:*:*:*:*:*:*:*:* (Version < 1.2.4)

    • Configuration CCN 1:
  • cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2001-1388 (CCN-11117)

    Assigned:2001-11-05
    Published:2001-11-05
    Updated:2001-11-05
    Summary:iptables firewall fails to properly convert rate limits that are issued when using the -m command line argument. A local attacker can send a malicious -m command to iptables to permit a greater or lesser amount of traffic from passing through the firewall than specified by the administrator.
    CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
    Exploitability Metrics:Attack Vector (AV): Local
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): None
    Integrity (I): Low
    Availibility (A): None
    CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Partial
    2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
    Exploitability Metrics:Access Vector (AV): Local
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): Partial
    Availibility (A): None
    Vulnerability Consequences:Other
    References:Source: CCN
    Type: Red Hat Bugzilla Bug 53325
    Errata conversion of iptables .... -m limit ##/sec

    Source: MITRE
    Type: CNA
    CVE-2001-1388

    Source: CCN
    Type: RHSA-2001-144
    Updated iptables packages are available

    Source: XF
    Type: UNKNOWN
    iptables-m-change-traffic(11117)

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    netfilter iptables *
    redhat linux 7
    redhat linux 7.1
    redhat linux 7.2
    redhat linux 7.3
    redhat linux 7.1
    redhat linux 7.2