CVE-2003-0550 Information

Description

The STP protocol as enabled in Linux 2.4.x does not provide sufficient security by design which allows attackers to modify the bridge topology.

Reference

http://www.debian.org/security/2004/dsa-358 http://www.debian.org/security/2004/dsa-423 http://www.redhat.com/support/errata/RHSA-2003-238.html http://www.redhat.com/support/errata/RHSA-2003-239.html https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A380