CVE-2011-3188

The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets.

Published: May 25, 2012
Updated: Apr 13, 2023
CVE: CVE-2011-3188
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:N/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	-	3.1
redhat / enterprise_linux	4.0	4.0.x
f5 / enterprise_manager	3.0.0	3.0.0.x
f5 / firepass	7.0.0	7.0.0.x
f5 / big-ip_local_traffic_manager	10.0.0	10.2.4.x
f5 / big-ip_access_policy_manager	10.1.0	10.2.4.x
f5 / big-ip_edge_gateway	10.1.0	10.2.4.x
f5 / big-ip_global_traffic_manager	10.0.0	10.2.4.x
f5 / big-ip_link_controller	10.0.0	10.2.4.x
f5 / big-ip_webaccelerator	10.0.0	10.2.4.x
f5 / big-ip_wan_optimization_manager	10.0.0	10.2.4.x
f5 / big-ip_protocol_security_module	10.0.0	10.2.4.x
f5 / big-ip_application_security_manager	10.0.0	10.2.4.x
f5 / firepass	6.0.0	6.1.0.x
f5 / arx	6.0.0	6.4.0.x
f5 / enterprise_manager	2.1.0	2.3.0.x
f5 / big-ip_wan_optimization_manager	11.0.0	11.1.0.x
f5 / big-ip_webaccelerator	11.0.0	11.1.0.x
f5 / big-ip_protocol_security_module	11.0.0	11.1.0.x
f5 / big-ip_link_controller	11.0.0	11.1.0.x
f5 / big-ip_global_traffic_manager	11.0.0	11.1.0.x
f5 / big-ip_edge_gateway	11.0.0	11.1.0.x
f5 / big-ip_application_security_manager	11.0.0	11.1.0.x
f5 / big-ip_access_policy_manager	11.0.0	11.1.0.x
f5 / big-ip_local_traffic_manager	11.0.0	11.1.0.x
f5 / big-ip_analytics	11.0.0	11.1.0.x

Vulnerability Database

289,599

CVE-2011-3188