CVE: CAN-2003-0464
Updated: Tue, 06 Jul 2004 14:32:11 +0900
Summary: The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are created, which could allow local users to bind to UDP ports that are used by privileged services such as nfsd. (text:CAN-2003-0464)
Priority: High
Status: Closed
Source: RHSA-2003:238-16, DSA-311-1
Link: http://www.ultramonkey.org/news_archive.shtml#2003080600
      http://www.ultramonkey.org/news_archive.shtml#2003120800
Resolved In:
  Kernel: 2.4.22-pre8
  Patch: http://linux.bkbits.net:8080/linux-2.4/cset@1.1019.1.2?nav=index.html
  Red Hat Linux 7.3:
    Vendor: kernel-2.4.20-19.7
    UltraMonkey: kernel-2.4.20-19.7.um.1
  Red Hat Linux 8.0:
    Vendor: kernel-2.4.20-19.8
    UltraMonkey: kernel-2.4.20-19.8.um.1
  Red Hat Linux 9:
    Vendor: kernel-2.4.20-19.9
    UltraMonkey: kernel-2.4.20-19.9.um.1 (initial release)
  Fedora Core 1:
    Vendor: Not Vulnerable (>=2.4.22-pre8)
    UltraMonkey: Not Vulnerable (>=2.4.22-pre8)
  Red Hat Enterprise Linux 3:
    Vendor: kernel-2.4.21-4.EL (initial release)
    UltraMonkey: kernel-2.4.21-9.EL.um.1 (initial release)
  Debian Woody:
    Vendor: kernel-source-2.4.18_2.4.18-8
    UltraMonkey: kernel-source-2.4.22_2.4.22-4woody.um.1
  Debian Sid:
    Vendor: kernel-2.4.21_2.4.21-4
    UltraMonkey: kernel-source-2.4.22_2.4.22-4.um.1