CVE: CAN-2003-0551
Updated: Tue, 06 Jul 2004 14:30:25 +0900
Summary: The STP protocol, as enabled in Linux 2.4.x, does not provide
         sufficient security by design, which allows attackers to modify 
	 the bridge topology. (text:DSA-358-4)
Priority: High
Status: Closed
Source: DSA-358-4, RHSA-2004:198-17, RHSA-2003:238-16
Link:  http://www.ultramonkey.org/news_archive.shtml#2003080600
       http://www.ultramonkey.org/news_archive.shtml#2003120800
Resolved In:
  Kernel: 2.4.22-pre3
  Patch:  http://linux.bkbits.net:8080/linux-2.4/cset@1.1003.11.4?nav=index.html
  Red Hat Linux 7.3:
          Vendor:      kernel-2.4.20-19.7
          UltraMonkey: kernel-2.4.20-19.7.um.1
  Red Hat Linux 8.0:
          Vendor:      kernel-2.4.20-19.8
          UltraMonkey: kernel-2.4.20-19.8.um.1
  Red Hat Linux 9:
          Vendor:      kernel-2.4.20-19.9
          UltraMonkey: kernel-2.4.20-19.9.um.1 (initial release)
  Fedora Core 1:
          Vendor:      Not Vulnerable (=>2.4.22-pre3)
          UltraMonkey: Not Vulnerable (=>2.4.22-pre3)
  Red Hat Enterprise Linux 3:
          Vendor:      kernel-2.4.21-4.0.1.EL
          UltraMonkey: kernel-2.4.21-9.EL.um.1 (initial release)
  Debian Woody:
          Vendor:      kernel-source-2.4.18_2.4.18-11
          UltraMonkey: kernel-source-2.4.22_2.4.22-1-ipvs_2.4.22-4woody.um.1
  Debian Sid:
          Vendor:      kernel-2.4.21_2.4.21-4
          UltraMonkey: kernel-source-2.4.22_2.4.22-1-ipvs_2.4.22-4.um.1