Integer Underflow Vulnerability in Linux Firewall Logging Rules by Mandrake
CVE-2004-0816

7.5HIGH

Key Information:

Vendor
Linux
Status
Linux Kernel
Suse Linux
Vendor
CVE Published:
23 December 2004

Summary

An integer underflow issue in the firewall logging rules for iptables in Linux prior to version 2.6.8 allows remote attackers to exploit a crafted IP packet, leading to a denial of service, which can crash the application. This vulnerability highlights the importance of implementing robust input validation and controls in firewall management to prevent unauthorized access and service disruptions.

References

http://secunia.com/advisories/11202/
third-party-advisoryx_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-20...
vendor-advisoryx_refsource_MANDRAKE
http://www.novell.com/linux/security/advisories/2004_37_k...
vendor-advisoryx_refsource_SUSE

EPSS Score

7% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2004-0816 : Integer Underflow Vulnerability in Linux Firewall Logging Rules by Mandrake | SecurityVulnerability.io