[CentOS] UDP Constant IP Identification Field Fingerprinting Vulnerability
John R Pierce
pierce at hogranch.comFri Jun 24 16:24:06 UTC 2016
- Previous message: [CentOS] UDP Constant IP Identification Field Fingerprinting Vulnerability
- Next message: [CentOS] UDP Constant IP Identification Field Fingerprinting Vulnerability
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 6/24/2016 9:20 AM, James B. Byrne wrote: > We received a notice from our pci-dss auditors respecting this: > > CVE-2002-0510 The UDP implementation in Linux 2.4.x kernels keeps the > IP Identification field at 0 for all non-fragmented packets, which > could allow remote attackers to determine that a target system is > running Linux. 2.4 kernels are kinda old. kinda really really old. are you still running CentOS 4 on PCI audited systems ?!?? -- john r pierce, recycling bits in santa cruz
- Previous message: [CentOS] UDP Constant IP Identification Field Fingerprinting Vulnerability
- Next message: [CentOS] UDP Constant IP Identification Field Fingerprinting Vulnerability
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list