Ultra Monkey: Kernel Security Bug Database: CAN-2003-0187

Ultra Monkey: High Availability and Load Balancing Solution for Linux

Ultra Monkey: Kernel Security Bug Database

CAN-2003-0187

prev up next
CVE CAN-2003-0187[offsite]
Updated Tue, 06 Jul 2004 14:34:22 +0900
Summary The connection tracking core of Netfilter for Linux 2.4.20, with CONFIG_IP_NF_CONNTRACK enabled or the ip_conntrack module loaded, allows remote attackers to cause a denial of service (resource consumption) due to an inconsistency with Linux 2.4.20's support of linked lists, which causes Netfilter to fail to identify connections with an UNCONFIRMED status and use large timeouts. (text:CAN-2003-0187)
Priority High
Status Closed
Source RHSA-2003:172-27 Netfilter.Org
Link Ultra Monkey News 2003-06-05-00 Ultra Monkey News 2003-12-08-00
Resolved In
  Kernel 2.4.21-pre6 (Introduced in 2.4.20-pre6)
  Patch Change Set 1.930.35.21[offsite]
  Red Hat Linux 7.3
          Vendor kernel-2.4.20-13.7
          UltraMonkey kernel-2.4.20-18.7.um.1
  Red Hat Linux 8.0
          Vendor kernel-2.4.20-13.8
          UltraMonkey kernel-2.4.20-18.8.um.1
  Red Hat Linux 9
          Vendor kernel-2.4.20-13.9
          UltraMonkey kernel-2.4.20-19.9.um.1 (initial release)
  Fedora Core 1
          Vendor Not Vulnerable (>2.4.20)
          UltraMonkey Not Vulnerable (>2.4.20)
  Red Hat Enterprise Linux 3
          Vendor Not Vulnerable (>2.4.20)
          UltraMonkey Not Vulnerable (>2.4.20)
  Debian Woody
          Vendor Not Vulnerable (<2.4.20-pre6)
          UltraMonkey 2.4.22-4woody.um.1
  Debian Sid
          Vendor kernel-source-2.4.20_2.4.20-13
          UltraMonkey 2.4.22-4.um.1
local data for debugging.
Information provided here is based on the information from the links above and is intended as a refereance only.

Copyright © 2000-2005, Horms
Last Updated: Sat, 04 Mar 2006 02:33:59 -0500

Debian is a registered trademark of Software in the Public Interest, Inc.
Red Hat, the Red Hat Shadowman logo and Fedora are registered trademarks of Red Hat, Inc.
Red Hat may also be refered to as RedHat on this site.
Linux is a registered trademark of Linus Torvalds.
All other trademarks are the property of their respective owners.

prev up next
CVE	CAN-2003-0187[offsite]
Updated	Tue, 06 Jul 2004 14:34:22 +0900
Summary	The connection tracking core of Netfilter for Linux 2.4.20, with CONFIG_IP_NF_CONNTRACK enabled or the ip_conntrack module loaded, allows remote attackers to cause a denial of service (resource consumption) due to an inconsistency with Linux 2.4.20's support of linked lists, which causes Netfilter to fail to identify connections with an UNCONFIRMED status and use large timeouts. (text:CAN-2003-0187)
Priority	High
Status	Closed
Source	RHSA-2003:172-27 Netfilter.Org
Link	Ultra Monkey News 2003-06-05-00 Ultra Monkey News 2003-12-08-00
Resolved In
Kernel	2.4.21-pre6 (Introduced in 2.4.20-pre6)
Patch	Change Set 1.930.35.21[offsite]
Red Hat Linux 7.3
Vendor	kernel-2.4.20-13.7
UltraMonkey	kernel-2.4.20-18.7.um.1
Red Hat Linux 8.0
Vendor	kernel-2.4.20-13.8
UltraMonkey	kernel-2.4.20-18.8.um.1
Red Hat Linux 9
Vendor	kernel-2.4.20-13.9
UltraMonkey	kernel-2.4.20-19.9.um.1 (initial release)
Fedora Core 1
Vendor	Not Vulnerable (>2.4.20)
UltraMonkey	Not Vulnerable (>2.4.20)
Red Hat Enterprise Linux 3
Vendor	Not Vulnerable (>2.4.20)
UltraMonkey	Not Vulnerable (>2.4.20)
Debian Woody
Vendor	Not Vulnerable (<2.4.20-pre6)
UltraMonkey	2.4.22-4woody.um.1
Debian Sid
Vendor	kernel-source-2.4.20_2.4.20-13
UltraMonkey	2.4.22-4.um.1
local data for debugging.
Information provided here is based on the information from the links above and is intended as a refereance only.