Potential DOS (Denial of Service) attack due to weak IPv4 and IPv6 sequence numbers
**CVE-ID:**CVE-2011-3188
**DESCRIPTION:The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets. **
CVSS Base Score: 5.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/69392 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
IBM Storwize V7000 Unified system
The product is affected when running code releases 1.3.0.0 to 1.4.0.X
Restrict access to the system’s IP interface, for example using a private network or firewall technology. Only users with access to the IP interface can exploit the vulnerability.
A fix for this issue is in version 1.4.1.0 of IBM Storwize V7000 Unified system. Customers running affected version of V7000 Unified, should upgrade to 1.4.1.0 or a later version, so that the fix gets applied.
CPE | Name | Operator | Version |
---|---|---|---|
ibm storwize v7000 unified (2073) | eq | 1.3 | |
ibm storwize v7000 unified (2073) | eq | 1.4 |