SB2011030201 - Multiple vulnerabilities in Linux kernel



Published: March 2, 2011 Updated: August 11, 2020

Security Bulletin ID: SB2011030201
Severity: High
Patch available: YES
Number of vulnerabilities: 7
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 14% Medium 57% Low 29%

Description

This security bulletin contains information about 7 security vulnerabilities.


1) NULL pointer dereference (CVE-ID: CVE-2011-1478)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a malformed VLAN frame.


2) NULL pointer dereference (CVE-ID: CVE-2011-1076)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Linux kernel before 2.6.38. Remote DNS servers can cause a denial of service (NULL pointer dereference and OOPS) by not providing a valid response to a DNS query, as demonstrated by an erroneous grand.centrall.org query, which triggers improper handling of error data within a DNS resolver key.


3) NULL pointer dereference (CVE-ID: CVE-2011-1093)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel before 2.6.38, which does not properly handle packets for a CLOSED endpoint. Remote attackers can cause a denial of service (NULL pointer dereference and OOPS) by sending a DCCP-Close packet followed by a DCCP-Reset packet.


4) Out-of-bounds write (CVE-ID: CVE-2011-1013)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Integer signedness error in the drm_modeset_ctl function in (1) drivers/gpu/drm/drm_irq.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.38 and (2) sys/dev/pci/drm/drm_irq.c in the kernel in OpenBSD before 4.9 allows local users to trigger out-of-bounds write operations, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via a crafted num_crtcs (aka vb_num) structure member in an ioctl argument.
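The integer signedness error class described for this entry, as an added illustration that is not the kernel's drm_modeset_ctl code; the struct, table size and function names are hypothetical. A signed index compared only against an upper bound accepts negative values, while the same comparison done as unsigned rejects them.

```c
#include <stdio.h>

#define NUM_SLOTS 4   /* assumed table size for this illustration */

/* Hypothetical request as it might arrive from user space. */
struct req {
    int index;        /* signed member: the root of the problem */
    int value;
};

/* Flawed pattern: signed index, upper bound checked only. */
static int accepts_signed(const struct req *r)
{
    return r->index < NUM_SLOTS;              /* -1 < 4 is true */
}

/* Hardened pattern: compare as unsigned so negatives become huge. */
static int accepts_unsigned(const struct req *r)
{
    return (unsigned int)r->index < (unsigned int)NUM_SLOTS;
}

/* Writes only after the hardened check; returns 0 on success, -1 on reject. */
static int store(int table[NUM_SLOTS], const struct req *r)
{
    if (!accepts_unsigned(r))
        return -1;
    table[r->index] = r->value;
    return 0;
}

int main(void)
{
    int table[NUM_SLOTS] = {0};
    struct req bad = { -1, 7 };               /* constructed sample input */
    struct req ok  = {  2, 7 };               /* constructed sample input */

    printf("signed check accepts -1:   %d\n", accepts_signed(&bad));
    printf("unsigned check accepts -1: %d\n", accepts_unsigned(&bad));
    printf("store(bad) = %d, store(ok) = %d, table[2] = %d\n",
           store(table, &bad), store(table, &ok), table[2]);
    return 0;
}
```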


5) Input validation error (CVE-ID: CVE-2011-1163)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing.


6) Resource exhaustion (CVE-ID: CVE-2011-1082)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

fs/eventpoll.c in the Linux kernel before 2.6.38 places epoll file descriptors within other epoll data structures without properly checking for (1) closed loops or (2) deep chains, which allows local users to cause a denial of service (deadlock or stack memory consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.


7) Information disclosure (CVE-ID: CVE-2011-0711)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call.


Remediation

Install update from vendor's website.

References