SB2012062220 - Remote denial of service in Linux kernel ROSE protocol
Published: June 22, 2012 Updated: June 4, 2024
Security Bulletin ID
SB2012062220
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2011-4914)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the ROSE protocol implementation. A remote attacker can send specially crafted data via a ROSE socket, trigger an out-of-bounds read and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- http://www.openwall.com/lists/oss-security/2011/12/28/2
- https://bugzilla.redhat.com/show_bug.cgi?id=770777
- https://github.com/torvalds/linux/commit/e0bccd315db0c2f919e7fcf9cb60db21d9986f52
- http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e0bccd315db0c2f919e7fcf9cb60db21d9986f52