Vulnerabilities > CVE-2003-0856 - Unspecified vulnerability in Stephen Hemminger Iproute

047910
CVSS 4.9 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
local
low complexity
stephen-hemminger
nessus

Summary

iproute 2.4.7 and earlier allows local users to cause a denial of service via spoofed messages as other users to the kernel netlink interface.

Vulnerable Configurations

Part Description Count
Application
Stephen_Hemminger
1

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-492.NASL
    descriptionHerbert Xu reported that local users could cause a denial of service against iproute, a set of tools for controlling networking in Linux kernels. iproute uses the netlink interface to communicate with the kernel, but failed to verify that the messages it received came from the kernel (rather than from other user processes).
    last seen2020-06-01
    modified2020-06-02
    plugin id15329
    published2004-09-29
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15329
    titleDebian DSA-492-1 : iproute - denial of service
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2003-317.NASL
    descriptionUpdated iproute packages that close a locally-exploitable denial of service vulnerability are now available. The iproute package contains advanced IP routing and network device configuration tools. Herbert Xu reported that iproute can accept spoofed messages sent on the kernel netlink interface by other users on the local machine. This could lead to a local denial of service attack. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0856 to this issue. Users of iproute should upgrade to these erratum packages, which contain a patch that checks that netlink messages actually came from the kernel.
    last seen2020-06-01
    modified2020-06-02
    plugin id12432
    published2004-07-06
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/12432
    titleRHEL 2.1 / 3 : iproute (RHSA-2003:317)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2004-115.NASL
    descriptionThis update of the iproute package fixes a security problem found in netlink. See CVE-2003-0856. All users of the netlink application are very strongly advised to update to these latest packages. - Thu May 06 2004 Phil Knirsch <pknirsch at redhat.com> 2.4.7-13.2 - Built security errata version for FC1. - Wed Apr 21 2004 Phil Knirsch <pknirsch at redhat.com> 2.4.7-14 - Fixed -f option for ss (#118355). - Small description fix (#110997). - Added initialization of some vars (#74961). - Added patch to initialize
    last seen2020-06-01
    modified2020-06-02
    plugin id13694
    published2004-07-23
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/13694
    titleFedora Core 1 : iproute-2.4.7-13.2 (2004-115)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2004-148.NASL
    descriptionHerbert Xu discovered that iproute can accept spoofed messages sent via the kernel netlink interface by other users on the local machine. This could lead to a local Denial of Service attack. The updated packages have been patched to prevent this problem.
    last seen2020-06-01
    modified2020-06-02
    plugin id15956
    published2004-12-14
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15956
    titleMandrake Linux Security Advisory : iproute2 (MDKSA-2004:148)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200404-10.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200404-10 (iproute local Denial of Service vulnerability) It has been reported that iproute can accept spoofed messages on the kernel netlink interface from local users. This could lead to a local Denial of Service condition. Impact : Local users could cause a Denial of Service. Workaround : A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.
    last seen2020-06-01
    modified2020-06-02
    plugin id14475
    published2004-08-30
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14475
    titleGLSA-200404-10 : iproute local Denial of Service vulnerability

Oval

accepted2013-04-29T04:09:55.660-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
descriptioniproute 2.4.7 and earlier allows local users to cause a denial of service via spoofed messages as other users to the kernel netlink interface.
familyunix
idoval:org.mitre.oval:def:10912
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleiproute 2.4.7 and earlier allows local users to cause a denial of service via spoofed messages as other users to the kernel netlink interface.
version25

Redhat

advisories
  • rhsa
    idRHSA-2003:316
  • rhsa
    idRHSA-2003:317
rpms
  • iproute-0:2.4.7-11.30E.1
  • iproute-debuginfo-0:2.4.7-11.30E.1