Description
Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie.
Affected products
- caldera / openlinux2.3 – 2.3
- caldera / openlinux_edesktop2.4 – 2.4
- caldera / openlinux_eserver2.3.1 – 2.3.1
- caldera / openlinux_server3.1 – 3.1
- caldera / openlinux_workstation3.1 – 3.1
- Linux / Linux kernel2.4.0 – 2.4.0
- Linux / Linux kernel2.0 – 2.0
- Linux / Linux kernel2.2.0 – 2.2.0
- SUSE / suse_linux6.3 – 6.3
- SUSE / suse_linux6.4 – 6.4
- SUSE / suse_linux7.0 – 7.0
- SUSE / suse_linux7.1 – 7.1
- SUSE / suse_linux7.2 – 7.2
- SUSE / suse_linux7.3 – 7.3
References
- MISChttp://www.linux-mandrake.com/en/security/2001/MDKSA-2001-082.php3
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/7461
- VENDOR_ADVISORYhttp://www.novell.com/linux/security/advisories/2001_039_kernel2_txt.html
- MISChttp://www.redhat.com/support/errata/RHSA-2001-142.html
- VENDOR_ADVISORYhttp://www.linuxsecurity.com/advisories/other_advisory-1683.html
- VENDOR_ADVISORYhttp://www.caldera.com/support/security/advisories/CSSA-2001-038.0.txt
- MISChttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000432