PT-2003-1072 · Red Hat+1 · Linux+2
Published: 2003-05-22 · Updated: 2017-10-11
CVE-2003-0187
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
Red Hat Linux kernel versions 2.4.20
Red Hat Linux kernel-smp versions 2.4.20
Red Hat Linux kernel-doc versions 2.4.20
Red Hat Linux kernel-source versions 2.4.20
Red Hat Linux kernel-BOOT versions 2.4.20
Red Hat Linux kernel-bigmem versions 2.4.20
Red Hat Linux oprofile version 0.4
Description
The issue affects the connection tracking core of Netfilter for Linux 2.4.20, allowing remote attackers to cause a denial of service due to an inconsistency with Linux 2.4.20's support of linked lists. This inconsistency causes Netfilter to fail to identify connections with an UNCONFIRMED status and to use large timeouts. Exploitation of the vulnerability can lead to disruption of confidentiality, integrity, and availability of protected information and can be carried out remotely.
Recommendations
For Red Hat Linux kernel versions 2.4.20, consider updating to a newer version to mitigate the risk.
For Red Hat Linux kernel-smp versions 2.4.20, consider updating to a newer version to mitigate the risk.
For Red Hat Linux kernel-doc versions 2.4.20, consider updating to a newer version to mitigate the risk.
For Red Hat Linux kernel-source versions 2.4.20, consider updating to a newer version to mitigate the risk.
For Red Hat Linux kernel-BOOT versions 2.4.20, consider updating to a newer version to mitigate the risk.
For Red Hat Linux kernel-bigmem versions 2.4.20, consider updating to a newer version to mitigate the risk.
For Red Hat Linux oprofile version 0.4, consider updating to a newer version to mitigate the risk.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected products
Linux
Netfilter
Oprofile