Details of VAR-200312-0223

ID

VAR-200312-0223

CVE

CVE-2003-0856

TITLE

Red Hat Linux of iproute Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2003-000356

DESCRIPTION

iproute 2.4.7 and earlier allows local users to cause a denial of service via spoofed messages as other users to the kernel netlink interface. Red Hat Linux Included in iproute In Linux Netlink Check for messages via the interface is improper, so forged messages Linux Netlink There are vulnerabilities that will be accepted if received via the interface.proute A command included in the package interferes with service operation (DoS) It may be in a state. A problem has been discovered in iproute when handling messages from the kernel. Because of this, it may be possible for an attacker to deny service to legitimate users of a system. iproute is an advanced IP routing and network device configuration tool. No detailed vulnerability details are currently available

Trust: 1.98

sources: NVD: CVE-2003-0856 // JVNDB: JVNDB-2003-000356 // BID: 9092 // VULHUB: VHN-7681

AFFECTED PRODUCTS

vendor:	stephen hemminger	model:	iproute	scope:	lte	version:	2.4.7	Trust: 1.0
vendor:	red hat	model:	linux	scope:	eq	version:	7.1	Trust: 0.8
vendor:	red hat	model:	linux	scope:	eq	version:	7.2	Trust: 0.8
vendor:	red hat	model:	linux	scope:	eq	version:	7.3	Trust: 0.8
vendor:	red hat	model:	linux	scope:	eq	version:	8.0	Trust: 0.8
vendor:	red hat	model:	linux	scope:	eq	version:	9	Trust: 0.8
vendor:	stephen hemminger	model:	iproute	scope:	eq	version:	2.4.7	Trust: 0.6
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	8	Trust: 0.3
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	9	Trust: 0.3
vendor:	suse	model:	linux desktop	scope:	eq	version:	1.0	Trust: 0.3
vendor:	suse	model:	linux	scope:	eq	version:	8.1	Trust: 0.3
vendor:	suse	model:	linux i386	scope:	eq	version:	8.0	Trust: 0.3
vendor:	suse	model:	linux	scope:	eq	version:	8.0	Trust: 0.3
vendor:	s u s e	model:	linux personal	scope:	eq	version:	9.2	Trust: 0.3
vendor:	s u s e	model:	linux personal	scope:	eq	version:	9.1	Trust: 0.3
vendor:	s u s e	model:	linux personal x86 64	scope:	eq	version:	9.0	Trust: 0.3
vendor:	s u s e	model:	linux personal	scope:	eq	version:	9.0	Trust: 0.3
vendor:	s u s e	model:	linux personal	scope:	eq	version:	8.2	Trust: 0.3
vendor:	s u s e	model:	linux database server	scope:	eq	version:	0	Trust: 0.3
vendor:	redhat	model:	linux i386	scope:	eq	version:	9.0	Trust: 0.3
vendor:	redhat	model:	linux i386	scope:	eq	version:	8.0	Trust: 0.3
vendor:	redhat	model:	linux i386	scope:	eq	version:	7.3	Trust: 0.3
vendor:	redhat	model:	linux ia64	scope:	eq	version:	7.2	Trust: 0.3
vendor:	redhat	model:	linux i386	scope:	eq	version:	7.2	Trust: 0.3
vendor:	redhat	model:	linux pseries	scope:	eq	version:	7.1	Trust: 0.3
vendor:	redhat	model:	linux iseries	scope:	eq	version:	7.1	Trust: 0.3
vendor:	redhat	model:	linux i386	scope:	eq	version:	7.1	Trust: 0.3
vendor:	mandriva	model:	linux mandrake amd64	scope:	eq	version:	10.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	10.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake amd64	scope:	eq	version:	9.2	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	9.2	Trust: 0.3
vendor:	mandrakesoft	model:	multi network firewall	scope:	eq	version:	2.0	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server x86 64	scope:	eq	version:	2.1	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server	scope:	eq	version:	2.1	Trust: 0.3
vendor:	david	model:	mischler iproute	scope:	eq	version:	2.4.7	Trust: 0.3
vendor:	david	model:	mischler iproute	scope:	eq	version:	2.2.4	Trust: 0.3
vendor:	david	model:	mischler iproute	scope:	eq	version:	20010824	Trust: 0.3

sources: BID: 9092 // JVNDB: JVNDB-2003-000356 // CNNVD: CNNVD-200312-048 // NVD: CVE-2003-0856

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2003-0856
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2003-0856
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200312-048
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-7681
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2003-0856
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-7681
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-7681 // JVNDB: JVNDB-2003-000356 // CNNVD: CNNVD-200312-048 // NVD: CVE-2003-0856

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0856

THREAT TYPE

local

Trust: 0.9

sources: BID: 9092 // CNNVD: CNNVD-200312-048

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200312-048

CONFIGURATIONS

sources: JVNDB: JVNDB-2003-000356

PATCH

title:	RHSA-2003:316	url:	https://rhn.redhat.com/errata/RHSA-2003-316.html	Trust: 0.8
title:	RHSA-2003:316	url:	http://www.jp.redhat.com/support/errata/RHSA/RHSA-2003-316J.html	Trust: 0.8

sources: JVNDB: JVNDB-2003-000356

EXTERNAL IDS

db:	NVD	id:	CVE-2003-0856	Trust: 2.8
db:	BID	id:	9092	Trust: 1.2
db:	SECTRACK	id:	1008173	Trust: 0.8
db:	JVNDB	id:	JVNDB-2003-000356	Trust: 0.8
db:	CNNVD	id:	CNNVD-200312-048	Trust: 0.7
db:	SUSE	id:	SUSE-SR:2005:001	Trust: 0.6
db:	DEBIAN	id:	DSA-492	Trust: 0.6
db:	REDHAT	id:	RHSA-2003:317	Trust: 0.6
db:	REDHAT	id:	RHSA-2003:316	Trust: 0.6
db:	FEDORA	id:	FEDORA-2004-115	Trust: 0.6
db:	OVAL	id:	OVAL:ORG.MITRE.OVAL:DEF:10912	Trust: 0.6
db:	VULHUB	id:	VHN-7681	Trust: 0.1

sources: VULHUB: VHN-7681 // BID: 9092 // JVNDB: JVNDB-2003-000356 // CNNVD: CNNVD-200312-048 // NVD: CVE-2003-0856

REFERENCES

url:	http://www.debian.org/security/2004/dsa-492	Trust: 1.7
url:	http://www.redhat.com/archives/fedora-announce-list/2004-may/msg00004.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2003-316.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2003-317.html	Trust: 1.7
url:	http://www.novell.com/linux/security/advisories/2005_01_sr.html	Trust: 1.7
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10912	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0856	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0856	Trust: 0.8
url:	http://www.securityfocus.com/bid/9092	Trust: 0.8
url:	http://www.securitytracker.com/alerts/2003/nov/1008173.html	Trust: 0.8
url:	http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:10912	Trust: 0.6

sources: VULHUB: VHN-7681 // JVNDB: JVNDB-2003-000356 // CNNVD: CNNVD-200312-048 // NVD: CVE-2003-0856

CREDITS

Herbert Xu

Trust: 0.6

sources: CNNVD: CNNVD-200312-048

SOURCES

db:	VULHUB	id:	VHN-7681
db:	BID	id:	9092
db:	JVNDB	id:	JVNDB-2003-000356
db:	CNNVD	id:	CNNVD-200312-048
db:	NVD	id:	CVE-2003-0856

LAST UPDATE DATE

2024-08-14T12:34:24.955000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-7681	date:	2017-10-11T00:00:00
db:	BID	id:	9092	date:	2009-07-12T00:56:00
db:	JVNDB	id:	JVNDB-2003-000356	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200312-048	date:	2005-12-05T00:00:00
db:	NVD	id:	CVE-2003-0856	date:	2017-10-11T01:29:15.527

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-7681	date:	2003-12-15T00:00:00
db:	BID	id:	9092	date:	2003-11-24T00:00:00
db:	JVNDB	id:	JVNDB-2003-000356	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200312-048	date:	2003-11-24T00:00:00
db:	NVD	id:	CVE-2003-0856	date:	2003-12-15T05:00:00