Risk | High |
Patch available | YES |
Number of vulnerabilities | 7 |
CVE-ID | CVE-2011-1478 CVE-2011-1076 CVE-2011-1093 CVE-2011-1013 CVE-2011-1163 CVE-2011-1082 CVE-2011-0711 |
CWE-ID | CWE-476 CWE-787 CWE-20 CWE-400 CWE-200 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #6 is available. |
Vulnerable software | Linux kernel (Operating systems & Components / Operating system) |
Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
EUVDB-ID: #VU44578
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-1478
CWE-ID: CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a malformed VLAN frame.
Mitigation: Update to version 2.6.38.
Vulnerable software versions: Linux kernel: 2.6.0 - 2.6.37.6
CPE2.3
https://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=66c46d741e2e60f0e8b625b80edb0ab820c46d7a
https://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6d152e23ad1a7a5b40fef1f42e017d66e6115159
https://mirror.anl.gov/pub/linux/kernel/v2.6/ChangeLog-2.6.38
https://openwall.com/lists/oss-security/2011/03/28/1
https://secunia.com/advisories/46397
https://securityreason.com/securityalert/8480
https://www.securityfocus.com/archive/1/520102/100/0/threaded
https://www.vmware.com/security/advisories/VMSA-2011-0012.html
https://bugzilla.redhat.com/show_bug.cgi?id=691270
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU44642
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-1076
CWE-ID: CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Linux kernel before 2.6.38. A remote DNS server can cause a denial of service (NULL pointer dereference and OOPS) by not providing a valid response to a DNS query, as demonstrated by an erroneous grand.centrall.org query, which triggers improper handling of error data within a DNS resolver key.
Mitigation: Update to version 2.6.38.
Vulnerable software versions: Linux kernel: 2.6.0 - 2.6.37.6
CPE2.3
https://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1362fa078dae16776cd439791c6605b224ea6171
https://openwall.com/lists/oss-security/2011/03/04/13
https://securitytracker.com/id?1025162
https://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU44878
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2011-1093
CWE-ID: CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel before 2.6.38, which does not properly handle packets for a CLOSED endpoint. A remote attacker can cause a denial of service (NULL pointer dereference and OOPS) by sending a DCCP-Close packet followed by a DCCP-Reset packet.
Mitigation: Update to version 2.6.38.
Vulnerable software versions: Linux kernel: 2.6.0 - 2.6.37.6
CPE2.3
https://downloads.avaya.com/css/P8/documents/100145416
https://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=720dc34bbbe9493c7bd48b2243058b4e447a929d
https://openwall.com/lists/oss-security/2011/03/08/19
https://openwall.com/lists/oss-security/2011/03/08/4
https://rhn.redhat.com/errata/RHSA-2011-0833.html
https://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38
https://www.securityfocus.com/bid/46793
https://bugzilla.redhat.com/show_bug.cgi?id=682954
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU45060
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2011-1013
CWE-ID: CWE-787 - Out-of-bounds write
Exploit availability: No
Description: The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Integer signedness error in the drm_modeset_ctl function in (1) drivers/gpu/drm/drm_irq.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.38 and (2) sys/dev/pci/drm/drm_irq.c in the kernel in OpenBSD before 4.9 allows local users to trigger out-of-bounds write operations, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via a crafted num_crtcs (aka vb_num) structure member in an ioctl argument.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Linux kernel: 2.6.0 - 2.6.37.6
CPE2.3
https://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1922756124ddd53846877416d92ba4a802bc658f
https://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38
https://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/drm/drm_irq.c
https://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/drm/drm_irq.c.diff?r1=1.41;r2=1.42;f=h
https://www.securityfocus.com/bid/47639
https://bugzilla.redhat.com/show_bug.cgi?id=679925
https://exchange.xforce.ibmcloud.com/vulnerabilities/67199
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU45141
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2011-1163
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Linux kernel: 2.6.0 - 2.6.37.6
CPE2.3
https://downloads.avaya.com/css/P8/documents/100145416
https://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1eafbfeb7bdf59cfe173304c76188f3fd5f1fd05
https://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
https://openwall.com/lists/oss-security/2011/03/15/14
https://openwall.com/lists/oss-security/2011/03/15/9
https://rhn.redhat.com/errata/RHSA-2011-0833.html
https://securityreason.com/securityalert/8189
https://securitytracker.com/id?1025225
https://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38
https://www.pre-cert.de/advisories/PRE-SA-2011-02.txt
https://www.securityfocus.com/archive/1/517050
https://www.securityfocus.com/bid/46878
https://www.spinics.net/lists/mm-commits/msg82737.html
https://bugzilla.redhat.com/show_bug.cgi?id=688021
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU45145
Risk: Medium
CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2011-1082
CWE-ID: CWE-400 - Resource exhaustion
Exploit availability: Yes
Description: The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
fs/eventpoll.c in the Linux kernel before 2.6.38 places epoll file descriptors within other epoll data structures without properly checking for (1) closed loops or (2) deep chains, which allows local users to cause a denial of service (deadlock or stack memory consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Linux kernel: 2.6.0 - 2.6.37.6
CPE2.3
https://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=22bacca48a1755f79b7e0f192ddb9fbb7fc6e64e
https://openwall.com/lists/oss-security/2011/03/02/1
https://openwall.com/lists/oss-security/2011/03/02/2
https://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38
https://bugzilla.redhat.com/show_bug.cgi?id=681575
https://lkml.org/lkml/2011/2/5/220
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.
EUVDB-ID: #VU45286
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2011-0711
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
Description: The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Linux kernel: 2.6.0 - 2.6.37.6
CPE2.3
https://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3a3675b7f23f83ca8c67c9c2b6edf707fd28d1ba
https://openwall.com/lists/oss-security/2011/02/16/10
https://openwall.com/lists/oss-security/2011/02/16/4
https://osvdb.org/70950
https://rhn.redhat.com/errata/RHSA-2011-0927.html
https://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.38-rc6-git3.log
https://www.securityfocus.com/bid/46417
https://bugzilla.redhat.com/show_bug.cgi?id=677260
https://patchwork.kernel.org/patch/555461/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.