CVE-2001-1398

Name of the Vulnerable Software and Affected Versions Debian GNU/Linux kernel-image-2.2.19-amiga version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-atari version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-bvme6000 version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-chrp version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-compact version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-generic version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-ide version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-idepci version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-jensen version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-mac version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-mvme147 version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-mvme16x version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-nautilus version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-pmac version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-prep version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-smp version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-sun4cdm version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-sun4dm-pci version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-sun4dm-smp version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-sun4u version 2.2.19 Debian GNU/Linux kernel-image-2.2.19-sun4u-smp version 2.2.19 Red Hat Linux mount-2.10r-0.6.x version 2.10r-0.6.x Red Hat Linux mount-2.10r-5 version 2.10r-5 Red Hat Linux losetup-2.10r-0.6.x version 2.10r-0.6.x Red Hat Linux losetup-2.10r-5 version 2.10r-5 Red Hat Linux nfs-utils-0.3.1 version 0.3.1 Linux kernel versions prior to 2.2.19

Description The issue is related to multiple vulnerabilities in various packages of Debian GNU/Linux and Red Hat Linux operating systems. These vulnerabilities can be exploited remotely, potentially leading to a breach of confidentiality, integrity, and availability of protected information. The vulnerabilities are related to the kernel-image and other packages, and their exploitation can result in unauthorized access to sensitive data. The Linux kernel before version 2.2.19 does not fully check packet lengths in certain cases, which may lead to a vulnerability.

Recommendations As a temporary workaround, consider disabling the vulnerable kernel-image packages until a patch is available. Restrict access to the vulnerable mount and losetup packages to minimize the risk of exploitation. Avoid using the vulnerable nfs-utils package until the issue is resolved. Update the Linux kernel to version 2.2.19 or later to fix the vulnerability. For each affected version of the kernel-image package, update to a version that is not vulnerable. For Red Hat Linux, update the mount, losetup, and nfs-utils packages to versions that are not vulnerable.