- Description
- The (1) ipq_read and (2) ipulog_read functions in iptables allow local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 2.0
- Type
- Primary
- Base score
- 4.6
- Impact score
- 6.4
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:P/A:P
- nvd@nist.gov
- CWE-264
- Hype score
- Not currently trending
- Red HatNot affected. Red Hat did not ship iptables-devel or anything else that used these vulnerable functions with Red Hat Enterprise Linux 2.1 or 3. Red Hat Enterprise Linux 4 and 5 contained a backported patch to correct this issue.
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A423B773-6B8B-4BA3-80A1-C8CAEF4D9BBE"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "40D8DAE0-8E75-435C-9BD6-FAEED2ACB47C"
}
],
"operator": "OR"
}
]
}
]