Vulnerability Name:

CVE-2001-1398 (CCN-11169)

Assigned: 2001-04-09
Published: 2001-04-09
Updated: 2016-12-08
Summary: Masquerading code for Linux kernel before 2.2.19 does not fully check packet lengths in certain cases, which may lead to a vulnerability.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Denial of Service
References:
Source: CCN
Type: Caldera Systems, Inc. Security Advisory CSSA-2001-012.0
several security problems in linux kernel

Source: MITRE
Type: CNA
CVE-2001-1398

Source: CCN
Type: Conectiva Linux Announcement CLSA-2001:394
kernel

Source: IMMUNIX
Type: UNKNOWN
IMNX-2001-70-010-01

Source: CALDERA
Type: UNKNOWN
CSSA-2001-012.0

Source: BUGTRAQ
Type: UNKNOWN
20010405 Trustix Security Advisory #2001-0003 - kernel

Source: BUGTRAQ
Type: UNKNOWN
20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2001:037

Source: CONECTIVA
Type: UNKNOWN
CLA-2001:394

Source: SUSE
Type: UNKNOWN
SuSE-SA:2001:018

Source: CCN
Type: Immunix OS Security Advisory IMNX-2001-70-010-01
kernel

Source: CCN
Type: Progeny Linux Systems Security Advisory PROGENY-SA-2001-01
execve()/ptrace() exploit in Linux kernels prior to 2.2.19

Source: CCN
Type: RHSA-2001-047
Linux kernel 2.2.19 now available

Source: CCN
Type: RHSA-2002-210
New kernel 2.2 packages fix local vulnerabilities

Source: DEBIAN
Type: DSA-047
kernel -- multiple security problems

Source: CCN
Type: The Linux Kernel Archives Web site
The Linux Kernel Archives

Source: CONFIRM
Type: UNKNOWN
http://www.linux.org.uk/VERSION/relnotes.2219.html

Source: CCN
Type: OSVDB ID: 9582
Linux Kernel Masquerading Code Packet Length Unspecified Issue

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2001:047

Source: CCN
Type: SuSE Security Announcement SuSE-SA:2001:18
kernel

Source: CCN
Type: Trustix Secure Linux Security Advisory #2001-0003
kernel

Source: CCN
Type: USSG Indiana University Web Site
Linux 2.2.19 Release Notes

Source: CCN
Type: MandrakeSoft Security Advisory MDKSA-2001:037
Updated kernel packages fix a number of serious security flaws

Source: XF
Type: UNKNOWN
linux-masquerade-packet-bo(11169)

Source: DEBIAN
Type: UNKNOWN
DSA-047

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version <= 2.2.19)

Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:2.2.0:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.5:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.14:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.7:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.8:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.9:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.10:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.11:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.12:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.13:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.15:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.16:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.17:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.18:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.4:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.2.6:*:*:*:*:*:*:*
  • AND
  • cpe:/o:suse:suse_linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.3:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.4:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:6.1:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.01:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.2:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID: oval:org.debian:def:47
Class: V
Title: multiple security problems
Last Modified: 2001-04-16
    linux linux kernel *
    linux linux kernel 2.2.0
    linux linux kernel 2.2.1
    linux linux kernel 2.2.5
    linux linux kernel 2.2.14
    linux linux kernel 2.2.2
    linux linux kernel 2.2.3
    linux linux kernel 2.2.7
    linux linux kernel 2.2.8
    linux linux kernel 2.2.9
    linux linux kernel 2.2.10
    linux linux kernel 2.2.11
    linux linux kernel 2.2.12
    linux linux kernel 2.2.13
    linux linux kernel 2.2.15
    linux linux kernel 2.2.16
    linux linux kernel 2.2.17
    linux linux kernel 2.2.18
    linux linux kernel 2.2.4
    linux linux kernel 2.2.6
    suse suse linux 6.2
    suse suse linux 6.0
    redhat linux 6.2
    suse suse linux 6.3
    suse suse linux 6.4
    debian debian linux 2.2
    mandrakesoft mandrake linux 7.0
    suse suse linux 6.1
    mandrakesoft mandrake linux 7.1
    mandrakesoft mandrake linux 6.0
    mandrakesoft mandrake linux 6.1
    trustix secure linux 1.1
    redhat linux 7
    mandrakesoft mandrake linux 7.2
    suse suse linux 7.0
    mandrakesoft mandrake linux corporate server 1.0.1
    suse suse linux 7.1
    trustix secure linux 1.01
    trustix secure linux 1.2