![[Monkey]](/pics/monkey_wht.jpg)
| prev up next | |
| CVE | CAN-2003-0550[offsite] |
| Updated | Tue, 06 Jul 2004 14:30:55 +0900 |
| Summary | The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology. This bug has been fixed by disabling STP by default. (text:DSA-358-4) |
| Priority | High |
| Status | Closed |
| Source | DSA-358-4 RHSA-2004:188-14 RHSA-2003:238-16 |
| Link | Ultra Monkey News 2003-08-06-00 Ultra Monkey News 2003-12-08-00 |
| Resolved In | |
| Kernel | 2.4.22-pre3 |
| Patch | Change Set 1.1003.11.4[offsite] |
| Red Hat Linux 7.3 | |
| Vendor | kernel-2.4.20-19.7 |
| UltraMonkey | kernel-2.4.20-19.7.um.1 |
| Red Hat Linux 8.0 | |
| Vendor | kernel-2.4.20-19.8 |
| UltraMonkey | kernel-2.4.20-19.8.um.1 |
| Red Hat Linux 9 | |
| Vendor | kernel-2.4.20-19.9 |
| UltraMonkey | kernel-2.4.20-19.9.um.1 (initial release) |
| Fedora Core 1 | |
| Vendor | Not Vulnerable (=>2.4.22-pre3) |
| UltraMonkey | Not Vulnerable (=>2.4.22-pre3) |
| Red Hat Enterprise Linux 3 | |
| Vendor | kernel-2.4.21-4.0.1.EL |
| UltraMonkey | kernel-2.4.21-9.EL.um.1 (initial release) |
| Debian Woody | |
| Vendor | kernel-source-2.4.18_2.4.18-11 |
| UltraMonkey | kernel-source-2.4.22_2.4.22-1-ipvs_2.4.22-4woody.um.1 |
| Debian Sid | |
| Vendor | kernel-2.4.21_2.4.21-4 |
| UltraMonkey | kernel-source-2.4.22_2.4.22-1-ipvs_2.4.22-4.um.1 |
| local data for debugging. | |
| Information provided here is based on the information from the links above and is intended as a refereance only. | |
Copyright © 2000-2005,
Horms
Last Updated: Sat, 04 Mar 2006 02:33:59 -0500
Debian is a registered trademark of Software in the Public Interest, Inc.
Red Hat, the Red Hat Shadowman logo and Fedora are
registered trademarks of Red Hat, Inc.
Red Hat may also be refered to as RedHat on this site.
Linux is a registered trademark of Linus Torvalds.
All other trademarks are the property of their respective owners.