Vulnerability Description
Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Caldera | Openlinux Server | 3.1 |
| Caldera | Openlinux Workstation | 3.1 |
| Caldera | Openlinux | 2.3 |
| Caldera | Openlinux Edesktop | 2.4 |
| Caldera | Openlinux Eserver | 2.3.1 |
| Linux | Linux Kernel | 2.0 |
| Suse | Suse Linux | 6.3 |
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000432
- http://www.caldera.com/support/security/advisories/CSSA-2001-038.0.txtPatchVendor Advisory
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-082.php3
- http://www.linuxsecurity.com/advisories/other_advisory-1683.htmlPatchVendor Advisory
- http://www.novell.com/linux/security/advisories/2001_039_kernel2_txt.html
- http://www.redhat.com/support/errata/RHSA-2001-142.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7461
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000432
- http://www.caldera.com/support/security/advisories/CSSA-2001-038.0.txtPatchVendor Advisory
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-082.php3
- http://www.linuxsecurity.com/advisories/other_advisory-1683.htmlPatchVendor Advisory
- http://www.novell.com/linux/security/advisories/2001_039_kernel2_txt.html
- http://www.redhat.com/support/errata/RHSA-2001-142.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7461
FAQ
What is CVE-2001-0851?
CVE-2001-0851 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie.
How severe is CVE-2001-0851?
CVE-2001-0851 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-0851?
Check the references section above for vendor advisories and patch information. Affected products include: Caldera Openlinux Server, Caldera Openlinux Workstation, Caldera Openlinux, Caldera Openlinux Edesktop, Caldera Openlinux Eserver.