Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM96FD50577A8AF994A95064355E758D88E5C1057FA1CA5E7C50F7F6377D4609D8
HistoryJun 18, 2018 - 12:07 a.m.

Security Bulletin: Potential DOS due to weak IPv4 and IPv6 sequence numbers in IBM Storwize V7000 Unified system (CVE-2011-3188)

2018-06-1800:07:45
www.ibm.com
15

0.016 Low

EPSS

Percentile

87.3%

JSON

Summary

Potential DOS (Denial of Service) attack due to weak IPv4 and IPv6 sequence numbers

Vulnerability Details

**CVE-ID:**CVE-2011-3188

**DESCRIPTION:The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets. **

_CVE-2011-3188 _

CVSS Base Score: 5.8

CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/69392 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Affected Products and Versions

IBM Storwize V7000 Unified system
The product is affected when running code releases 1.3.0.0 to 1.4.0.X

Workarounds and Mitigations

Restrict access to the system’s IP interface, for example using a private network or firewall technology. Only users with access to the IP interface can exploit the vulnerability.

A fix for this issue is in version 1.4.1.0 of IBM Storwize V7000 Unified system. Customers running affected version of V7000 Unified, should upgrade to 1.4.1.0 or a later version, so that the fix gets applied.

Related

prion 1
cve 1
nessus 35
ubuntucve 1
ibm 4
veracode 1
nvd 1
f5 2
cvelist 1
redhat 5
securityvulns 4
amazon 2
ubuntu 12
openvas 49
suse 3
oraclelinux 4
centos 1
debian 3
osv 2
fedora 4
vmware 2
prion
prion
Design/Logic Flaw
2012-05-24 23:55:00
cve
cve
CVE-2011-3188
2012-05-24 23:55:02
nessus
nessus
Juniper NSM Linux Kernel TCP Sequence Number Generation Issue (PSN-2012-08-688)
2013-09-13 00:00:00
Linux Kernel TCP Sequence Number Generation Security Weakness
2011-09-23 00:00:00
F5 Networks BIG-IP : Linux kernel TCP ISN vulnerability (K15301)
2014-10-10 00:00:00
ubuntucve
ubuntucve
CVE-2011-3188
2011-08-25 00:00:00
ibm
ibm
Security Bulletin: Flex System Manager (FSM) Denial of Service (CVE-2011-3188)
2019-01-30 08:20:01
Security Bulletin: Potential DOS due to weak IPv4 and IPv6 sequence numbers in SAN Volume Controller and Storwize Family (CVE-2011-3188)
2023-03-29 01:48:02
Security Bulletin: Potential DOS due to weak IPv4 and IPv6 sequence numbers in SAN Volume Controller and Storwize Family (CVE-2011-3188)
2022-08-20 00:54:31
veracode
veracode
Man-in-the-Middle (MitM)
2020-04-10 01:07:46
nvd
nvd
CVE-2011-3188
2012-05-24 23:55:02
f5
f5
K15301 : Linux kernel TCP ISN vulnerability CVE-2011-3188
2014-07-25 00:00:00
SOL15301 - Linux kernel TCP ISN vulnerability CVE-2011-3188
2014-06-02 00:00:00
cvelist
cvelist
CVE-2011-3188
2012-05-24 23:00:00
redhat
redhat
(RHSA-2011:1419) Moderate: kernel security and bug fix update
2011-11-01 00:00:00
(RHSA-2011:1465) Important: kernel security and bug fix update
2011-11-22 00:00:00
(RHSA-2012:0010) Important: kernel-rt security and bug fix update
2012-01-10 00:00:00
securityvulns
securityvulns
Linux kernel security vulnerabilities
2011-09-13 00:00:00
[SECURITY] [DSA 2303-2] New linux-2.6 packages fix regression
2011-09-13 00:00:00
HP Rapid Deployment Pack / HP Insight Control Server Deployment multiple security vulnerabilities
2014-03-27 00:00:00
amazon
amazon
Medium: kernel
2011-10-31 18:26:00
Medium: kernel
2011-12-02 22:23:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2011-10-20 00:00:00
Linux kernel vulnerabilities
2011-10-25 00:00:00
Linux kernel (OMAP4) vulnerabilities
2011-10-12 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-1236-1)
2011-10-21 00:00:00
Ubuntu Update for linux USN-1236-1
2011-10-21 00:00:00
Amazon Linux: Security Advisory (ALAS-2011-16)
2015-09-08 00:00:00
suse
suse
Security update for Linux kernel (important)
2011-12-14 08:08:27
Security update for Linux kernel (important)
2011-12-13 19:08:30
remote denial of service in kernel
2011-12-13 17:34:50
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2011-11-25 00:00:00
kernel security and bug fix update
2011-11-22 00:00:00
kernel security, bug fix, and enhancement update
2011-10-21 00:00:00
centos
centos
kernel security update
2011-10-21 00:31:03
debian
debian
[SECURITY] [DSA 2310-1] linux-2.6 security update
2011-09-22 22:48:48
[SECURITY] [DSA 2303-1] linux-2.6 security update
2011-09-08 21:31:02
[SECURITY] [DSA 2303-2] New linux-2.6 packages fix regression
2011-09-11 02:06:57
osv
osv
linux-2.6 - several issues
2011-09-22 00:00:00
linux-2.6 - several issues
2011-09-10 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: kernel-2.6.35.14-97.fc14
2011-10-08 17:59:55
[SECURITY] Fedora 14 Update: kernel-2.6.35.14-100.fc14
2011-10-30 00:31:24
[SECURITY] Fedora 14 Update: kernel-2.6.35.14-103.fc14
2011-11-04 20:29:13
vmware
vmware
VMware vSphere and vCOps updates to third party libraries
2012-08-30 00:00:00
VMware vSphere and vCOps updates to third party libraries
2012-08-30 00:00:00

0.016 Low

EPSS

Percentile

87.3%

JSON
Related for 96FD50577A8AF994A95064355E758D88E5C1057FA1CA5E7C50F7F6377D4609D8
prion1cve1nessus35ubuntucve1ibm4veracode1nvd1f52cvelist1redhat5securityvulns4amazon2ubuntu12openvas49suse3oraclelinux4centos1debian3osv2fedora4vmware2