{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-08-23T00:00:00", "descriptions": [{"lang": "en", "value": "The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-12-18T23:06:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/bc0b96b54a21246e377122d54569eef71cec535f"}, {"name": "[oss-security] 20110823 Re: CVE request: kernel: change in how tcp seq numbers are generated", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/08/23/2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/6e5714eaf77d79ae1c8b47e3e040ff5411b717ec"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6e5714eaf77d79ae1c8b47e3e040ff5411b717ec"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=732658"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1"}, {"name": "HPSBGN02970", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=139447903326211&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=bc0b96b54a21246e377122d54569eef71cec535f"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K15301?utm_source=f5support&amp%3Butm_medium=RSS"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:22:27.694Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/bc0b96b54a21246e377122d54569eef71cec535f"}, {"name": "[oss-security] 20110823 Re: CVE request: kernel: change in how tcp seq numbers are generated", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2011/08/23/2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/6e5714eaf77d79ae1c8b47e3e040ff5411b717ec"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6e5714eaf77d79ae1c8b47e3e040ff5411b717ec"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=732658"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1"}, {"name": "HPSBGN02970", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=139447903326211&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=bc0b96b54a21246e377122d54569eef71cec535f"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K15301?utm_source=f5support&amp%3Butm_medium=RSS"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-3188", "datePublished": "2012-05-24T23:00:00", "dateReserved": "2011-08-19T00:00:00", "dateUpdated": "2024-08-06T23:22:27.694Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "156989A4-23D9-434A-B512-9C0F3583D13D", "versionEndExcluding": "3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "6172AF57-B26D-45F8-BE3A-F75ABDF28F49", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:arx:*:*:*:*:*:*:*:*", "matchCriteriaId": "F20E6644-F925-4283-AD92-7B0696F52310", "versionEndIncluding": "6.4.0", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "79618AB4-7A8E-4488-8608-57EC2F8681FE", "versionEndIncluding": "10.2.4", "versionStartIncluding": "10.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "0483E71B-931F-4566-AD6F-D5ABF64FFA06", "versionEndIncluding": "11.1.0", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "47A1E3F1-F319-4A75-9211-29B273E76F03", "versionEndIncluding": "11.1.0", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "667D3780-3949-41AC-83DE-5BCB8B36C382", "versionEndIncluding": "10.2.4", "versionStartIncluding": "10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "2EDED2D2-B85B-4680-9970-A6CE3343422C", "versionEndIncluding": "11.1.0", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "A8347412-DC42-4B86-BF6E-A44A5E1541ED", "versionEndIncluding": "10.2.4", "versionStartIncluding": "10.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "06D3514D-B1C2-4304-96DA-A84847104AF6", "versionEndIncluding": "11.1.0", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B5AF8C8-578E-4FD7-8BAA-53A57EE4C653", "versionEndIncluding": "10.2.4", "versionStartIncluding": "10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "142D050F-0D22-4D21-AB14-3AD0500A6D3F", "versionEndIncluding": "11.1.0", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "1DF6BB8A-FA63-4DBC-891C-256FF23CBCF0", "versionEndIncluding": "10.2.4", "versionStartIncluding": "10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "EFC44375-AF21-4438-9FF9-244095DEA2B7", "versionEndIncluding": "11.1.0", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "289CEABB-22A2-436D-AE4B-4BDA2D0EAFDB", "versionEndIncluding": "10.2.4", "versionStartIncluding": "10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "412829BD-A98B-4AD5-8B93-2C4C20AC15D8", "versionEndIncluding": "11.1.0", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C0B4C01-C71E-4E35-B63A-68395984E033", "versionEndIncluding": "10.2.4", "versionStartIncluding": "10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF7C328A-E18A-425E-B38F-996CC96D402E", "versionEndIncluding": "11.1.0", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB60C39D-52ED-47DD-9FB9-2B4BC8D9F8AC", "versionEndIncluding": "10.2.4", "versionStartIncluding": "10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1DB046D-1AC3-4F5C-95BF-31BBCE1C44BE", "versionEndIncluding": "11.1.0", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE007A64-5867-4B1A-AEFB-3AB2CD6A5EA4", "versionEndIncluding": "10.2.4", "versionStartIncluding": "10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "9BD1D6A6-50A8-4794-8C7B-E3C3BC48A262", "versionEndIncluding": "11.1.0", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:enterprise_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "0ADD1B04-9F78-40B3-8314-6935277073B0", "versionEndIncluding": "2.3.0", "versionStartIncluding": "2.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:enterprise_manager:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "125C8A19-4F51-42DD-BA11-F299721EFBB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:firepass:*:*:*:*:*:*:*:*", "matchCriteriaId": "15CE213B-F42C-4C2E-AFBD-852AB049FF8A", "versionEndIncluding": "6.1.0", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:firepass:7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "442D343A-973B-4C33-B99B-1EA2B7670DE5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets."}, {"lang": "es", "value": "Las implementaciones de (1) IPv4 y (2) IPv6 en el kernel de Linux antes de v3.1 utiliza una versi\u00f3n modificada de algoritmo MD4 para generar n\u00fameros de secuencia y valores de los fragmentos de identificaci\u00f3n, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos causar una denegaci\u00f3n de servicio (red interrumpida) o secuestrar sesiones de red mediante la predicci\u00f3n de estos valores y el env\u00edo de paquetes manipulados."}], "id": "CVE-2011-3188", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2012-05-24T23:55:02.213", "references": [{"source": "secalert@redhat.com", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6e5714eaf77d79ae1c8b47e3e040ff5411b717ec"}, {"source": "secalert@redhat.com", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=bc0b96b54a21246e377122d54569eef71cec535f"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=139447903326211&w=2"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2011/08/23/2"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=732658"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/6e5714eaf77d79ae1c8b47e3e040ff5411b717ec"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/bc0b96b54a21246e377122d54569eef71cec535f"}, {"source": "secalert@redhat.com", "url": "https://support.f5.com/csp/article/K15301?utm_source=f5support&amp%3Butm_medium=RSS"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6e5714eaf77d79ae1c8b47e3e040ff5411b717ec"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=bc0b96b54a21246e377122d54569eef71cec535f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=139447903326211&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2011/08/23/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=732658"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/6e5714eaf77d79ae1c8b47e3e040ff5411b717ec"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/bc0b96b54a21246e377122d54569eef71cec535f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.f5.com/csp/article/K15301?utm_source=f5support&amp%3Butm_medium=RSS"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Dan Kaminsky for reporting this issue.", "affected_release": [{"advisory": "RHSA-2011:1386", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "kernel-0:2.6.18-274.7.1.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2011-10-20T00:00:00Z"}, {"advisory": "RHSA-2011:1419", "cpe": "cpe:/o:redhat:rhel_eus:5.6", "package": "kernel-0:2.6.18-238.28.1.el5", "product_name": "Red Hat Enterprise Linux 5.6 EUS - Server Only", "release_date": "2011-11-01T00:00:00Z"}, {"advisory": "RHSA-2011:1465", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-131.21.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2011-11-22T00:00:00Z"}, {"advisory": "RHSA-2012:0010", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "kernel-rt-0:2.6.33.9-rt31.79.el6rt", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-01-10T00:00:00Z"}], "bugzilla": {"description": "kernel: net: improve sequence number generation", "id": "732658", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=732658"}, "csaw": false, "cvss": {"cvss_base_score": "5.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "status": "verified"}, "details": ["The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets."], "name": "CVE-2011-3188", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 4"}], "public_date": "2011-08-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-3188\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-3188"], "statement": "This issue affects the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. It has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1386.html, https://rhn.redhat.com/errata/RHSA-2011-1465.html, and https://rhn.redhat.com/errata/RHSA-2012-0010.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.", "threat_severity": "Moderate"}