RHSA-2002_007
Vulnerability from csaf_redhat - Published: 2002-01-24 03:46 - Updated: 2024-11-21 22:15Summary
Red Hat Security Advisory: : Updated 2.4 kernel available
Notes
Topic
A security vulnerability in the Linux CIPE (VPN tunnel) implementation has
been fixed.
Details
Larry McVoy has discovered a problem in the CIPE (VPN tunnel)
implementation where a malformed packet could cause a crash. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2002-0047 to this issue.
Andrew Griffiths has discovered a vulnerability that allows remote machines
to read random memory using a bug in the Linux ICMP implementation.
However, 2.4 kernels after version 2.4.0-test6 and 2.2 kernels after
version 2.2.18 fix this issue. All Red Hat Linux 2.4 kernels have this
fix and are not vulnerable to this bug.
It is recommended that users running older 2.2 kernels on Red Hat Linux 6.2
or 7 upgrade to the latest available errata kernel, which includes a fix
for this problem. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2002-0046 to this issue.
A patch for recent 2.4 kernels is circulating to fix the bug in the Linux
ICMP implementation. Red Hat, Inc. recommends that you do not use this
patch since Red Hat Linux 2.4 kernels are not vulnerable to the bug and the
patch will actually break the kernel ICMP implementation.
In addition to the CIPE security fix, several other bugs were fixed, and
some drivers were updated:
* For Red Hat Linux 7.1: DRM/DRI (3D support) for the XFree86 erratum
RHEA-2002:010
* New aacraid driver rewritten by Alan Cox
* New DAC960 driver
* Additional Qlogic 2200 driver
* LM_Sensors driver upgrade
Please note the additional procedures in the "Solutions" section as they
differ from standard update procedures.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security vulnerability in the Linux CIPE (VPN tunnel) implementation has\nbeen fixed.",
"title": "Topic"
},
{
"category": "general",
"text": "Larry McVoy has discovered a problem in the CIPE (VPN tunnel)\nimplementation where a malformed packet could cause a crash. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has assigned\nthe name CAN-2002-0047 to this issue.\n\nAndrew Griffiths has discovered a vulnerability that allows remote machines\nto read random memory using a bug in the Linux ICMP implementation.\nHowever, 2.4 kernels after version 2.4.0-test6 and 2.2 kernels after\nversion 2.2.18 fix this issue. All Red Hat Linux 2.4 kernels have this\nfix and are not vulnerable to this bug.\n\nIt is recommended that users running older 2.2 kernels on Red Hat Linux 6.2\nor 7 upgrade to the latest available errata kernel, which includes a fix\nfor this problem. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2002-0046 to this issue.\n\nA patch for recent 2.4 kernels is circulating to fix the bug in the Linux\nICMP implementation. Red Hat, Inc. recommends that you do not use this\npatch since Red Hat Linux 2.4 kernels are not vulnerable to the bug and the\npatch will actually break the kernel ICMP implementation.\n\nIn addition to the CIPE security fix, several other bugs were fixed, and\nsome drivers were updated:\n\n* For Red Hat Linux 7.1: DRM/DRI (3D support) for the XFree86 erratum\n RHEA-2002:010\n* New aacraid driver rewritten by Alan Cox\n* New DAC960 driver\n* Additional Qlogic 2200 driver \n* LM_Sensors driver upgrade\n\nPlease note the additional procedures in the \"Solutions\" section as they\ndiffer from standard update procedures.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2002:007",
"url": "https://access.redhat.com/errata/RHSA-2002:007"
},
{
"category": "external",
"summary": "54855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=54855"
},
{
"category": "external",
"summary": "55476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=55476"
},
{
"category": "external",
"summary": "55605",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=55605"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2002/rhsa-2002_007.json"
}
],
"title": "Red Hat Security Advisory: : Updated 2.4 kernel available",
"tracking": {
"current_release_date": "2024-11-21T22:15:47+00:00",
"generator": {
"date": "2024-11-21T22:15:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2002:007",
"initial_release_date": "2002-01-24T03:46:00+00:00",
"revision_history": [
{
"date": "2002-01-24T03:46:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2002-01-09T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T22:15:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Linux 7.1",
"product": {
"name": "Red Hat Linux 7.1",
"product_id": "Red Hat Linux 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.1"
}
}
},
{
"category": "product_name",
"name": "Red Hat Linux 7.2",
"product": {
"name": "Red Hat Linux 7.2",
"product_id": "Red Hat Linux 7.2",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:7.2"
}
}
}
],
"category": "product_family",
"name": "Red Hat Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2002-0046",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616728"
}
],
"notes": [
{
"category": "description",
"text": "Linux kernel, and possibly other operating systems, allows remote attackers to read portions of memory via a series of fragmented ICMP packets that generate an ICMP TTL Exceeded response, which includes portions of the memory in the response packet.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0046"
},
{
"category": "external",
"summary": "RHBZ#1616728",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616728"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0046",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0046"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0046",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0046"
}
],
"release_date": "2002-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-01-24T03:46:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied. Red Hat Linux 7.1 users should\nupdate the packages in the XFree86 Erratum (RHEA-2002:010).\n\nThe procedure for upgrading the kernel is documented at:\n\nhttp://www.redhat.com/support/docs/howto/kernel-upgrade/\n\nPlease read the directions for your architecture carefully before\nproceeding with the kernel upgrade.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this to be an easier way to apply updates. To use Red Hat\nNetwork, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system. Note that you need to select the kernel\nexplicitly on default configurations of up2date.",
"product_ids": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:007"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2002-0047",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1616729"
}
],
"notes": [
{
"category": "description",
"text": "CIPE VPN package before 1.3.0-3 allows remote attackers to cause a denial of service (crash) via a short malformed packet.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2002-0047"
},
{
"category": "external",
"summary": "RHBZ#1616729",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616729"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2002-0047",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0047"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2002-0047",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0047"
}
],
"release_date": "2002-01-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2002-01-24T03:46:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied. Red Hat Linux 7.1 users should\nupdate the packages in the XFree86 Erratum (RHEA-2002:010).\n\nThe procedure for upgrading the kernel is documented at:\n\nhttp://www.redhat.com/support/docs/howto/kernel-upgrade/\n\nPlease read the directions for your architecture carefully before\nproceeding with the kernel upgrade.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this to be an easier way to apply updates. To use Red Hat\nNetwork, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system. Note that you need to select the kernel\nexplicitly on default configurations of up2date.",
"product_ids": [
"Red Hat Linux 7.1",
"Red Hat Linux 7.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2002:007"
}
],
"title": "security flaw"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…