CVE-2001-1126
First published: Fri Oct 05 2001(Updated: )
Symantec LiveUpdate 1.4 through 1.6, and possibly later versions, allows remote attackers to cause a denial of service (flood) via DNS spoofing of the update.symantec.com site.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Symantec LiveUpdate | =1.5 | |
| Symantec LiveUpdate | =1.6 | |
| Symantec LiveUpdate | =1.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2001-1126?
CVE-2001-1126 is considered a medium severity vulnerability as it allows remote attackers to cause a denial of service.
How do I fix CVE-2001-1126?
To fix CVE-2001-1126, upgrade to a version of Symantec LiveUpdate that is not affected, preferably a version later than 1.6.
What versions of Symantec LiveUpdate are affected by CVE-2001-1126?
CVE-2001-1126 affects Symantec LiveUpdate versions 1.4, 1.5, and 1.6.
What type of attack does CVE-2001-1126 involve?
CVE-2001-1126 involves a denial of service attack caused by DNS spoofing.
Is it necessary to take action if I am using an unpatched version of Symantec LiveUpdate?
Yes, it is necessary to upgrade if you are using an unpatched version of Symantec LiveUpdate to protect against the denial of service risk presented by CVE-2001-1126.
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/remedy
- agent/tags
- agent/description
- agent/event
- agent/source
- vendor/symantec
- canonical/symantec liveupdate
- version/symantec liveupdate/1.5
- version/symantec liveupdate/1.6
- version/symantec liveupdate/1.4