CVE-2011-3188

Published: 25 August 2011

The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets.

From the Ubuntu Security Team

Dan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets.

Notes

Author	Note
jdstrand	http://git.kernel.org/linus/bc0b96b54a21246e377122d54569eef71cec535f http://git.kernel.org/linus/6e5714eaf77d79ae1c8b47e3e040ff5411b717ec

Priority

Cvss 3 Severity Score

9.1

Score breakdown

Status

Package	Release	Status
linux Launchpad, Ubuntu, Debian	upstream	Released (3.1~rc1)
	hardy	Released (2.6.24-29.95)
	lucid	Released (2.6.32-35.78)
	maverick	Released (2.6.35-30.61)
	natty	Released (2.6.38-12.51)
	oneiric	Not vulnerable (3.0.0-9.12)
	Patches: upstream: http://git.kernel.org/linus/bc0b96b54a21246e377122d54569eef71cec535f upstream: http://git.kernel.org/linus/6e5714eaf77d79ae1c8b47e3e040ff5411b717ec
linux-ec2 Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Released (2.6.32-319.39)
	maverick	Ignored (end of life)
	natty	Does not exist
	oneiric	Does not exist
	upstream	Released (3.1~rc1)
linux-fsl-imx51 Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Released (2.6.31-611.29)
	maverick	Does not exist
	natty	Does not exist
	oneiric	Does not exist
	upstream	Released (3.1~rc1)
linux-lts-backport-maverick Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Released (2.6.35-30.61~lucid1)
	maverick	Does not exist
	natty	Does not exist
	oneiric	Does not exist
	upstream	Released (3.1~rc1)
linux-lts-backport-natty Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Released (2.6.38-12.51~lucid1)
	maverick	Does not exist
	natty	Does not exist
	oneiric	Does not exist
	upstream	Released (3.1~rc1)
linux-lts-backport-oneiric Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Not vulnerable
	maverick	Does not exist
	natty	Does not exist
	oneiric	Does not exist
	upstream	Released (3.1~rc1)
linux-mvl-dove Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Released (2.6.32-219.37)
	maverick	Released (2.6.32-419.37)
	natty	Does not exist
	oneiric	Does not exist
	upstream	Released (3.1~rc1)
linux-ti-omap4 Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Does not exist
	maverick	Released (2.6.35-903.25)
	natty	Released (2.6.38-1209.16)
	oneiric	Not vulnerable (3.0.0-1204.9)
	upstream	Released (3.1~rc1)

Severity score breakdown

Parameter	Value
Base score	9.1
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	None
Integrity impact	High
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

References

Bugs

https://launchpad.net/bugs/834129

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›