published date: August 27, 2003

CVE-2003-0187 : Denial of Service Vulnerability

Description

The connection tracking core of Netfilter for Linux 2.4.20, with CONFIG_IP_NF_CONNTRACK enabled or the ip_conntrack module loaded, allows remote attackers to cause a denial of service (resource consumption) due to an inconsistency with Linux 2.4.20's support of linked lists, which causes Netfilter to fail to identify connections with an UNCONFIRMED status and use large timeouts.

Product(s):

Linux Kernel 2.4.20

CVSS:5 [Critical]
EPSS:0.66%
Exploitability:10
In KEV:No

Question to Ask Vendors:

Can you confirm whether your systems are affected by CVE-2003-0187, and if so, what steps are you currently taking to mitigate this vulnerability?
What is your estimated timeline for fully resolving CVE-2003-0187 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions:

Check out the advisory links provided below.

References:

https://nvd.nist.gov/vuln/detail/CVE-2003-0187

READY TO GET RESULTS YOU CAN TRUST?

Get a Demo Contact Sales