1. CVE-Search
  2. CVE-2003-0550
ID CVE-2003-0550
Summary The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology.
References
Vulnerable Configurations
  • cpe:2.3:o:redhat:linux:2.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:linux:2.4.2:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 11-10-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
oval via4
accepted 2007-04-25T19:52:27.798-04:00
class vulnerability
contributors
  • name Jay Beale
    organization Bastille Linux
  • name Jay Beale
    organization Bastille Linux
  • name Thomas R. Jones
    organization Maitreya Security
description The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology.
family unix
id oval:org.mitre.oval:def:380
status accepted
submitted 2003-09-26T12:00:00.000-04:00
title Insecure Design of the STP Protocol
version 37
redhat via4
advisories
  • rhsa
    id RHSA-2003:238
  • rhsa
    id RHSA-2003:239
refmap via4
debian
  • DSA-358
  • DSA-423
Last major update 11-10-2017 - 01:29
Published 27-08-2003 - 04:00
Last modified 11-10-2017 - 01:29
Back to Top