Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2011-AVI-571
Vulnerability from certfr_avis - Published: 2011-10-18 - Updated: 2011-10-18
De nombreuses vulnérabilités présentes dans des bibliothèques tierces parties utilisées par VMWare ESX et VMWare ESXi ont été corrigées.
Description
VMWare a corrigé un nombre conséquent de vulnérabilités dans des bibliothèques tierces utilisées par VMWare ESX et VMWare ESXi.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMWare ESXi 4.0.",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMWare ESX 4.0 ;",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nVMWare a corrig\u00e9 un nombre cons\u00e9quent de vuln\u00e9rabilit\u00e9s dans des\nbiblioth\u00e8ques tierces utilis\u00e9es par VMWare ESX et VMWare ESXi.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2010-1083",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1083"
},
{
"name": "CVE-2011-1010",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1010"
},
{
"name": "CVE-2010-4346",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4346"
},
{
"name": "CVE-2010-3477",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3477"
},
{
"name": "CVE-2010-4263",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4263"
},
{
"name": "CVE-2010-3859",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3859"
},
{
"name": "CVE-2011-1494",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1494"
},
{
"name": "CVE-2010-4255",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4255"
},
{
"name": "CVE-2010-2938",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2938"
},
{
"name": "CVE-2010-4072",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4072"
},
{
"name": "CVE-2010-4655",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4655"
},
{
"name": "CVE-2010-3865",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3865"
},
{
"name": "CVE-2010-4343",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4343"
},
{
"name": "CVE-2010-3877",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3877"
},
{
"name": "CVE-2011-1659",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1659"
},
{
"name": "CVE-2010-4526",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4526"
},
{
"name": "CVE-2010-0296",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0296"
},
{
"name": "CVE-2010-4249",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4249"
},
{
"name": "CVE-2010-4251",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4251"
},
{
"name": "CVE-2010-3086",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3086"
},
{
"name": "CVE-2011-0282",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0282"
},
{
"name": "CVE-2011-1090",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1090"
},
{
"name": "CVE-2010-3442",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3442"
},
{
"name": "CVE-2010-4161",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4161"
},
{
"name": "CVE-2010-3015",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3015"
},
{
"name": "CVE-2011-1478",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1478"
},
{
"name": "CVE-2010-4157",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4157"
},
{
"name": "CVE-2011-0536",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0536"
},
{
"name": "CVE-2010-3699",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3699"
},
{
"name": "CVE-2010-3066",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3066"
},
{
"name": "CVE-2010-3067",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3067"
},
{
"name": "CVE-2010-4248",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4248"
},
{
"name": "CVE-2010-2942",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2942"
},
{
"name": "CVE-2010-4243",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4243"
},
{
"name": "CVE-2011-1658",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1658"
},
{
"name": "CVE-2010-3880",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3880"
},
{
"name": "CVE-2010-3858",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3858"
},
{
"name": "CVE-2010-3904",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3904"
},
{
"name": "CVE-2010-4247",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4247"
},
{
"name": "CVE-2010-3296",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3296"
},
{
"name": "CVE-2010-3078",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3078"
},
{
"name": "CVE-2010-4073",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4073"
},
{
"name": "CVE-2011-1071",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1071"
},
{
"name": "CVE-2010-1323",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1323"
},
{
"name": "CVE-2011-0521",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0521"
},
{
"name": "CVE-2010-4075",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4075"
},
{
"name": "CVE-2010-4083",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4083"
},
{
"name": "CVE-2011-0281",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0281"
},
{
"name": "CVE-2010-4081",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4081"
},
{
"name": "CVE-2010-2492",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2492"
},
{
"name": "CVE-2010-3876",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3876"
},
{
"name": "CVE-2011-1095",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1095"
},
{
"name": "CVE-2010-4080",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4080"
},
{
"name": "CVE-2010-4238",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4238"
},
{
"name": "CVE-2010-4242",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4242"
},
{
"name": "CVE-2010-2798",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2798"
},
{
"name": "CVE-2011-0710",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0710"
},
{
"name": "CVE-2010-4158",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4158"
},
{
"name": "CVE-2010-3432",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3432"
},
{
"name": "CVE-2010-2943",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2943"
},
{
"name": "CVE-2011-1495",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1495"
}
],
"initial_release_date": "2011-10-18T00:00:00",
"last_revision_date": "2011-10-18T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2011-0012 du 12 octobre 2011 :",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
}
],
"reference": "CERTA-2011-AVI-571",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-10-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De nombreuses vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans des biblioth\u00e8ques tierces\nparties utilis\u00e9es par \u003cspan class=\"textit\"\u003eVMWare ESX\u003c/span\u003e et \u003cspan\nclass=\"textit\"\u003eVMWare ESXi\u003c/span\u003e ont \u00e9t\u00e9 corrig\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans VMWare ESX et ESXi",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMWare WMSA-2011-0012 du 12 octobre 2011",
"url": null
}
]
}
CVE-2010-4251 (GCVE-0-2010-4251)
Vulnerability from cvelistv5 – Published: 2011-05-26 16:00 – Updated: 2024-08-07 03:34
VLAI
EPSS
Summary
The socket implementation in net/core/sock.c in the Linux kernel before 2.6.34 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service (memory consumption) by sending a large amount of network traffic, as demonstrated by netperf UDP tests.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/520102/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/46397 | third-party-advisoryx_refsource_SECUNIA |
| http://kerneltrap.org/mailarchive/linux-netdev/20… | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/46637 | vdb-entryx_refsource_BID |
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
| http://www.kernel.org/pub/linux/kernel/v2.6/Chang… | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=657303 | x_refsource_CONFIRM |
| http://git.kernel.org/?p=linux/kernel/git/torvald… | x_refsource_CONFIRM |
Date Public
2010-03-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:34:37.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46397"
},
{
"name": "[netdev] 20100302 [PATCH 1/8] net: add limit for socket backlog",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://kerneltrap.org/mailarchive/linux-netdev/2010/3/3/6271093/thread"
},
{
"name": "46637",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46637"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=657303"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8eae939f1400326b06d0c9afe53d2a484a326871"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The socket implementation in net/core/sock.c in the Linux kernel before 2.6.34 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service (memory consumption) by sending a large amount of network traffic, as demonstrated by netperf UDP tests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46397"
},
{
"name": "[netdev] 20100302 [PATCH 1/8] net: add limit for socket backlog",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://kerneltrap.org/mailarchive/linux-netdev/2010/3/3/6271093/thread"
},
{
"name": "46637",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46637"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=657303"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8eae939f1400326b06d0c9afe53d2a484a326871"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4251",
"datePublished": "2011-05-26T16:00:00.000Z",
"dateReserved": "2010-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:34:37.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4255 (GCVE-0-2010-4255)
Vulnerability from cvelistv5 – Published: 2011-01-25 00:00 – Updated: 2024-08-07 03:34
VLAI
EPSS
Summary
The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/520102/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.redhat.com/support/errata/RHSA-2011-00… | vendor-advisoryx_refsource_REDHAT |
| http://secunia.com/advisories/46397 | third-party-advisoryx_refsource_SECUNIA |
| https://bugzilla.redhat.com/show_bug.cgi?id=658155 | x_refsource_CONFIRM |
| http://openwall.com/lists/oss-security/2010/11/30/5 | mailing-listx_refsource_MLIST |
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
| http://secunia.com/advisories/42884 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.xensource.com/archives/html/xen-deve… | mailing-listx_refsource_MLIST |
| http://openwall.com/lists/oss-security/2010/11/30/8 | mailing-listx_refsource_MLIST |
Date Public
2010-11-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:34:37.813Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "RHSA-2011:0017",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0017.html"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46397"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=658155"
},
{
"name": "[oss-security] 20101130 CVE request: xen: x86-64: don\u0027t crash Xen upon direct pv guest access",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2010/11/30/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "42884",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42884"
},
{
"name": "[xen-devel] 20101129 [PATCH] x86-64: don\u0027t crash Xen upon direct pv guest access",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.xensource.com/archives/html/xen-devel/2010-11/msg01650.html"
},
{
"name": "[oss-security] 20101130 Re: CVE request: xen: x86-64: don\u0027t crash Xen upon direct pv guest access",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2010/11/30/8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-11-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "RHSA-2011:0017",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0017.html"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46397"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=658155"
},
{
"name": "[oss-security] 20101130 CVE request: xen: x86-64: don\u0027t crash Xen upon direct pv guest access",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2010/11/30/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "42884",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42884"
},
{
"name": "[xen-devel] 20101129 [PATCH] x86-64: don\u0027t crash Xen upon direct pv guest access",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.xensource.com/archives/html/xen-devel/2010-11/msg01650.html"
},
{
"name": "[oss-security] 20101130 Re: CVE request: xen: x86-64: don\u0027t crash Xen upon direct pv guest access",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2010/11/30/8"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4255",
"datePublished": "2011-01-25T00:00:00.000Z",
"dateReserved": "2010-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:34:37.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4263 (GCVE-0-2010-4263)
Vulnerability from cvelistv5 – Published: 2011-01-18 17:00 – Updated: 2024-08-07 03:43
VLAI
EPSS
Summary
The igb_receive_skb function in drivers/net/igb/igb_main.c in the Intel Gigabit Ethernet (aka igb) subsystem in the Linux kernel before 2.6.34, when Single Root I/O Virtualization (SR-IOV) and promiscuous mode are enabled but no VLANs are registered, allows remote attackers to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via a VLAN tagged frame.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
Date Public
2010-03-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:43:13.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "RHSA-2011:0017",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0017.html"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46397"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=31b24b955c3ebbb6f3008a6374e61cf7c05a193c"
},
{
"name": "RHSA-2011:0007",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0007.html"
},
{
"name": "45208",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45208"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34"
},
{
"name": "42884",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42884"
},
{
"name": "42890",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42890"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=660188"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=15582"
},
{
"name": "[oss-security] 20101206 CVE request: kernel: igb panics when receiving tag vlan packet",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2010/12/06/3"
},
{
"name": "[oss-security] 20101206 Re: CVE request: kernel: igb panics when receiving tag vlan packet",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2010/12/06/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The igb_receive_skb function in drivers/net/igb/igb_main.c in the Intel Gigabit Ethernet (aka igb) subsystem in the Linux kernel before 2.6.34, when Single Root I/O Virtualization (SR-IOV) and promiscuous mode are enabled but no VLANs are registered, allows remote attackers to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via a VLAN tagged frame."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "RHSA-2011:0017",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0017.html"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46397"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=31b24b955c3ebbb6f3008a6374e61cf7c05a193c"
},
{
"name": "RHSA-2011:0007",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0007.html"
},
{
"name": "45208",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45208"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34"
},
{
"name": "42884",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42884"
},
{
"name": "42890",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42890"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=660188"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=15582"
},
{
"name": "[oss-security] 20101206 CVE request: kernel: igb panics when receiving tag vlan packet",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2010/12/06/3"
},
{
"name": "[oss-security] 20101206 Re: CVE request: kernel: igb panics when receiving tag vlan packet",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2010/12/06/9"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4263",
"datePublished": "2011-01-18T17:00:00.000Z",
"dateReserved": "2010-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:43:13.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4343 (GCVE-0-2010-4343)
Vulnerability from cvelistv5 – Published: 2010-12-29 17:27 – Updated: 2024-08-07 03:43
VLAI
EPSS
Summary
drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not initialize a certain port data structure, which allows local users to cause a denial of service (system crash) via read operations on an fc_host statistics file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/45262 | vdb-entryx_refsource_BID |
| http://www.openwall.com/lists/oss-security/2010/1… | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/archive/1/520102/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.redhat.com/support/errata/RHSA-2011-00… | vendor-advisoryx_refsource_REDHAT |
| http://secunia.com/advisories/46397 | third-party-advisoryx_refsource_SECUNIA |
| http://www.spinics.net/lists/linux-scsi/msg43772.html | mailing-listx_refsource_MLIST |
| http://www.kernel.org/pub/linux/kernel/v2.6/Chang… | x_refsource_CONFIRM |
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
| http://secunia.com/advisories/42884 | third-party-advisoryx_refsource_SECUNIA |
| http://www.openwall.com/lists/oss-security/2010/12/08/3 | mailing-listx_refsource_MLIST |
| https://bugzilla.redhat.com/show_bug.cgi?id=661182 | x_refsource_CONFIRM |
| http://git.kernel.org/?p=linux/kernel/git/torvald… | x_refsource_CONFIRM |
Date Public
2010-05-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:43:14.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45262",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45262"
},
{
"name": "[oss-security] 20101209 Re: CVE request: kernel: bfa driver sysfs crash",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/12/09/15"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "RHSA-2011:0017",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0017.html"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46397"
},
{
"name": "[linux-scsi] 20100521 [PATCH 1/2] bfa: fix system crash when reading sysfs fc_host statistics",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.spinics.net/lists/linux-scsi/msg43772.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "42884",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42884"
},
{
"name": "[oss-security] 20101208 CVE request: kernel: bfa driver sysfs crash",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/12/08/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=661182"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7873ca4e4401f0ecd8868bf1543113467e6bae61"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not initialize a certain port data structure, which allows local users to cause a denial of service (system crash) via read operations on an fc_host statistics file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "45262",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45262"
},
{
"name": "[oss-security] 20101209 Re: CVE request: kernel: bfa driver sysfs crash",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/12/09/15"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "RHSA-2011:0017",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0017.html"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46397"
},
{
"name": "[linux-scsi] 20100521 [PATCH 1/2] bfa: fix system crash when reading sysfs fc_host statistics",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.spinics.net/lists/linux-scsi/msg43772.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "42884",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42884"
},
{
"name": "[oss-security] 20101208 CVE request: kernel: bfa driver sysfs crash",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/12/08/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=661182"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7873ca4e4401f0ecd8868bf1543113467e6bae61"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4343",
"datePublished": "2010-12-29T17:27:00.000Z",
"dateReserved": "2010-11-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:43:14.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4346 (GCVE-0-2010-4346)
Vulnerability from cvelistv5 – Published: 2010-12-22 20:00 – Updated: 2024-08-07 03:43
VLAI
EPSS
Summary
The install_special_mapping function in mm/mmap.c in the Linux kernel before 2.6.37-rc6 does not make an expected security_file_mmap function call, which allows local users to bypass intended mmap_min_addr restrictions and possibly conduct NULL pointer dereference attacks via a crafted assembly-language application.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
Date Public
2010-12-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:43:14.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=662189"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46397"
},
{
"name": "[oss-security] 20101209 Re: [taviso@cmpxchg8b.com: [PATCH] install_special_mapping skips security_file_mmap check.]",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2010/12/09/13"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=462e635e5b73ba9a4c03913b77138cd57ce4b050"
},
{
"name": "[linux-kernel] 20101209 [PATCH] install_special_mapping skips security_file_mmap check.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lkml.org/lkml/2010/12/9/222"
},
{
"name": "[oss-security] 20101210 Re: Subject: CVE request: kernel: install_special_mapping skips security_file_mmap check",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2010/12/10/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc6"
},
{
"name": "MDVSA-2011:029",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:029"
},
{
"name": "45323",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45323"
},
{
"name": "[oss-security] 20101210 Subject: CVE request: kernel: install_special_mapping skips security_file_mmap check",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2010/12/10/2"
},
{
"name": "[oss-security] 20101209 [taviso@cmpxchg8b.com: [PATCH] install_special_mapping skips security_file_mmap check.]",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2010/12/09/12"
},
{
"name": "42570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42570"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The install_special_mapping function in mm/mmap.c in the Linux kernel before 2.6.37-rc6 does not make an expected security_file_mmap function call, which allows local users to bypass intended mmap_min_addr restrictions and possibly conduct NULL pointer dereference attacks via a crafted assembly-language application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=662189"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46397"
},
{
"name": "[oss-security] 20101209 Re: [taviso@cmpxchg8b.com: [PATCH] install_special_mapping skips security_file_mmap check.]",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2010/12/09/13"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=462e635e5b73ba9a4c03913b77138cd57ce4b050"
},
{
"name": "[linux-kernel] 20101209 [PATCH] install_special_mapping skips security_file_mmap check.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lkml.org/lkml/2010/12/9/222"
},
{
"name": "[oss-security] 20101210 Re: Subject: CVE request: kernel: install_special_mapping skips security_file_mmap check",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2010/12/10/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc6"
},
{
"name": "MDVSA-2011:029",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:029"
},
{
"name": "45323",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45323"
},
{
"name": "[oss-security] 20101210 Subject: CVE request: kernel: install_special_mapping skips security_file_mmap check",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2010/12/10/2"
},
{
"name": "[oss-security] 20101209 [taviso@cmpxchg8b.com: [PATCH] install_special_mapping skips security_file_mmap check.]",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2010/12/09/12"
},
{
"name": "42570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42570"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4346",
"datePublished": "2010-12-22T20:00:00.000Z",
"dateReserved": "2010-11-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:43:14.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4526 (GCVE-0-2010-4526)
Vulnerability from cvelistv5 – Published: 2011-01-11 01:00 – Updated: 2024-08-07 03:51
VLAI
EPSS
Summary
Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://www.redhat.com/support/errata/RHSA-2011-01… | vendor-advisoryx_refsource_REDHAT |
| http://www.openwall.com/lists/oss-security/2011/0… | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/archive/1/520102/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/46397 | third-party-advisoryx_refsource_SECUNIA |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2011/01/04/3 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/45661 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2011/0169 | vdb-entryx_refsource_VUPEN |
| http://git.kernel.org/?p=linux/kernel/git/torvald… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/42964 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2010-05-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:51:17.185Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2011:0163",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0163.html"
},
{
"name": "[oss-security] 20110104 Re: CVE-2010-4526 kernel: sctp: a race between ICMP protocol unreachable and connect()",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/04/13"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46397"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4526"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "[oss-security] 20110104 CVE-2010-4526 kernel: sctp: a race between ICMP protocol unreachable and connect()",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/04/3"
},
{
"name": "45661",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45661"
},
{
"name": "ADV-2011-0169",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0169"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=50b5d6ad63821cea324a5a7a19854d4de1a0a819"
},
{
"name": "kernel-icmp-message-dos(64616)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64616"
},
{
"name": "42964",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42964"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2011:0163",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0163.html"
},
{
"name": "[oss-security] 20110104 Re: CVE-2010-4526 kernel: sctp: a race between ICMP protocol unreachable and connect()",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/04/13"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46397"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4526"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "[oss-security] 20110104 CVE-2010-4526 kernel: sctp: a race between ICMP protocol unreachable and connect()",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/04/3"
},
{
"name": "45661",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45661"
},
{
"name": "ADV-2011-0169",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0169"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=50b5d6ad63821cea324a5a7a19854d4de1a0a819"
},
{
"name": "kernel-icmp-message-dos(64616)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64616"
},
{
"name": "42964",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42964"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4526",
"datePublished": "2011-01-11T01:00:00.000Z",
"dateReserved": "2010-12-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:51:17.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4655 (GCVE-0-2010-4655)
Vulnerability from cvelistv5 – Published: 2011-07-18 19:00 – Updated: 2024-08-07 03:51
VLAI
EPSS
Summary
net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability for an ethtool ioctl call.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
Date Public
2010-10-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:51:17.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-1146-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1146-1"
},
{
"name": "45972",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45972"
},
{
"name": "[oss-security] 20110124 CVE request: linux kernel heap issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/01/24/9"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46397"
},
{
"name": "[oss-security] 20110125 Re: CVE request: linux kernel heap issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/01/25/4"
},
{
"name": "[oss-security] 20110124 Re: CVE request: linux kernel heap issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/01/25/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "[oss-security] 20110125 Re: CVE request: linux kernel heap issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/01/25/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b00916b189d13a615ff05c9242201135992fcda3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36"
},
{
"name": "[oss-security] 20110128 Re: CVE request: linux kernel heap issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/01/28/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=672428"
},
{
"name": "[linux-kernel] 20101007 [PATCH] net: clear heap allocations for privileged ethtool actions",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lkml.org/lkml/2010/10/7/297"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-10-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability for an ethtool ioctl call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-1146-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1146-1"
},
{
"name": "45972",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45972"
},
{
"name": "[oss-security] 20110124 CVE request: linux kernel heap issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/01/24/9"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46397"
},
{
"name": "[oss-security] 20110125 Re: CVE request: linux kernel heap issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/01/25/4"
},
{
"name": "[oss-security] 20110124 Re: CVE request: linux kernel heap issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/01/25/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "[oss-security] 20110125 Re: CVE request: linux kernel heap issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/01/25/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b00916b189d13a615ff05c9242201135992fcda3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36"
},
{
"name": "[oss-security] 20110128 Re: CVE request: linux kernel heap issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/01/28/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=672428"
},
{
"name": "[linux-kernel] 20101007 [PATCH] net: clear heap allocations for privileged ethtool actions",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lkml.org/lkml/2010/10/7/297"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4655",
"datePublished": "2011-07-18T19:00:00.000Z",
"dateReserved": "2011-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:51:17.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0281 (GCVE-0-2011-0281)
Vulnerability from cvelistv5 – Published: 2011-02-10 17:00 – Updated: 2024-08-06 21:51
VLAI
EPSS
Summary
The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \n sequence.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
22 references
Date Public
2010-12-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:51:07.754Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2011:025",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:025"
},
{
"name": "46265",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46265"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46397"
},
{
"name": "ADV-2011-0347",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0347"
},
{
"name": "43260",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43260"
},
{
"name": "ADV-2011-0333",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0333"
},
{
"name": "RHSA-2011:0199",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0199.html"
},
{
"name": "43273",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43273"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt"
},
{
"name": "20110208 MITKRB5-SA-2011-002 KDC denial of service attacks [CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516299/100/0/threaded"
},
{
"name": "1025037",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025037"
},
{
"name": "SUSE-SR:2011:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "MDVSA-2011:024",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:024"
},
{
"name": "ADV-2011-0464",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0464"
},
{
"name": "8073",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8073"
},
{
"name": "kerberos-ldap-descriptor-dos(65324)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65324"
},
{
"name": "ADV-2011-0330",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0330"
},
{
"name": "[kerberos] 20101222 LDAP handle unavailable: Can\u0027t contact LDAP server",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mailman.mit.edu/pipermail/kerberos/2010-December/016800.html"
},
{
"name": "43275",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43275"
},
{
"name": "RHSA-2011:0200",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0200.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \\n sequence."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDVSA-2011:025",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:025"
},
{
"name": "46265",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46265"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46397"
},
{
"name": "ADV-2011-0347",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0347"
},
{
"name": "43260",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43260"
},
{
"name": "ADV-2011-0333",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0333"
},
{
"name": "RHSA-2011:0199",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0199.html"
},
{
"name": "43273",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43273"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt"
},
{
"name": "20110208 MITKRB5-SA-2011-002 KDC denial of service attacks [CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516299/100/0/threaded"
},
{
"name": "1025037",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025037"
},
{
"name": "SUSE-SR:2011:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "MDVSA-2011:024",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:024"
},
{
"name": "ADV-2011-0464",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0464"
},
{
"name": "8073",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8073"
},
{
"name": "kerberos-ldap-descriptor-dos(65324)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65324"
},
{
"name": "ADV-2011-0330",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0330"
},
{
"name": "[kerberos] 20101222 LDAP handle unavailable: Can\u0027t contact LDAP server",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mailman.mit.edu/pipermail/kerberos/2010-December/016800.html"
},
{
"name": "43275",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43275"
},
{
"name": "RHSA-2011:0200",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0200.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0281",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \\n sequence."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2011:025",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:025"
},
{
"name": "46265",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46265"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "46397",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46397"
},
{
"name": "ADV-2011-0347",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0347"
},
{
"name": "43260",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43260"
},
{
"name": "ADV-2011-0333",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0333"
},
{
"name": "RHSA-2011:0199",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0199.html"
},
{
"name": "43273",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43273"
},
{
"name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt"
},
{
"name": "20110208 MITKRB5-SA-2011-002 KDC denial of service attacks [CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516299/100/0/threaded"
},
{
"name": "1025037",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025037"
},
{
"name": "SUSE-SR:2011:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "MDVSA-2011:024",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:024"
},
{
"name": "ADV-2011-0464",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0464"
},
{
"name": "8073",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8073"
},
{
"name": "kerberos-ldap-descriptor-dos(65324)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65324"
},
{
"name": "ADV-2011-0330",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0330"
},
{
"name": "[kerberos] 20101222 LDAP handle unavailable: Can\u0027t contact LDAP server",
"refsource": "MLIST",
"url": "http://mailman.mit.edu/pipermail/kerberos/2010-December/016800.html"
},
{
"name": "43275",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43275"
},
{
"name": "RHSA-2011:0200",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0200.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0281",
"datePublished": "2011-02-10T17:00:00.000Z",
"dateReserved": "2011-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:51:07.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0282 (GCVE-0-2011-0282)
Vulnerability from cvelistv5 – Published: 2011-02-10 17:00 – Updated: 2024-08-06 21:51
VLAI
EPSS
Summary
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
21 references
Date Public
2011-02-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:51:07.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2011:025",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:025"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46397"
},
{
"name": "46271",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46271"
},
{
"name": "ADV-2011-0347",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0347"
},
{
"name": "43260",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43260"
},
{
"name": "ADV-2011-0333",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0333"
},
{
"name": "RHSA-2011:0199",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0199.html"
},
{
"name": "43273",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43273"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt"
},
{
"name": "20110208 MITKRB5-SA-2011-002 KDC denial of service attacks [CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516299/100/0/threaded"
},
{
"name": "1025037",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025037"
},
{
"name": "SUSE-SR:2011:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "MDVSA-2011:024",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:024"
},
{
"name": "ADV-2011-0464",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0464"
},
{
"name": "8073",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8073"
},
{
"name": "kerberos-ldap-dos(65323)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65323"
},
{
"name": "ADV-2011-0330",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0330"
},
{
"name": "43275",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43275"
},
{
"name": "RHSA-2011:0200",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0200.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDVSA-2011:025",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:025"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46397"
},
{
"name": "46271",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46271"
},
{
"name": "ADV-2011-0347",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0347"
},
{
"name": "43260",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43260"
},
{
"name": "ADV-2011-0333",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0333"
},
{
"name": "RHSA-2011:0199",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0199.html"
},
{
"name": "43273",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43273"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt"
},
{
"name": "20110208 MITKRB5-SA-2011-002 KDC denial of service attacks [CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516299/100/0/threaded"
},
{
"name": "1025037",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025037"
},
{
"name": "SUSE-SR:2011:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "MDVSA-2011:024",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:024"
},
{
"name": "ADV-2011-0464",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0464"
},
{
"name": "8073",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8073"
},
{
"name": "kerberos-ldap-dos(65323)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65323"
},
{
"name": "ADV-2011-0330",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0330"
},
{
"name": "43275",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43275"
},
{
"name": "RHSA-2011:0200",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0200.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2011:025",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:025"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "46397",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46397"
},
{
"name": "46271",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46271"
},
{
"name": "ADV-2011-0347",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0347"
},
{
"name": "43260",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43260"
},
{
"name": "ADV-2011-0333",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0333"
},
{
"name": "RHSA-2011:0199",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0199.html"
},
{
"name": "43273",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43273"
},
{
"name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt"
},
{
"name": "20110208 MITKRB5-SA-2011-002 KDC denial of service attacks [CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516299/100/0/threaded"
},
{
"name": "1025037",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025037"
},
{
"name": "SUSE-SR:2011:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "MDVSA-2011:024",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:024"
},
{
"name": "ADV-2011-0464",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0464"
},
{
"name": "8073",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8073"
},
{
"name": "kerberos-ldap-dos(65323)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65323"
},
{
"name": "ADV-2011-0330",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0330"
},
{
"name": "43275",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43275"
},
{
"name": "RHSA-2011:0200",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0200.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0282",
"datePublished": "2011-02-10T17:00:00.000Z",
"dateReserved": "2011-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:51:07.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0521 (GCVE-0-2011-0521)
Vulnerability from cvelistv5 – Published: 2011-02-02 22:00 – Updated: 2024-08-06 21:58
VLAI
EPSS
Summary
The dvb_ca_ioctl function in drivers/media/dvb/ttpci/av7110_ca.c in the Linux kernel before 2.6.38-rc2 does not check the sign of a certain integer field, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a negative value.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/45986 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id?1025195 | vdb-entryx_refsource_SECTRACK |
| http://openwall.com/lists/oss-security/2011/01/24/2 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/archive/1/520102/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/46397 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/43009 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
| http://www.kernel.org/pub/linux/kernel/v2.6/testi… | x_refsource_CONFIRM |
| http://openwall.com/lists/oss-security/2011/01/25/2 | mailing-listx_refsource_MLIST |
| http://git.kernel.org/?p=linux/kernel/git/torvald… | x_refsource_CONFIRM |
Date Public
2011-01-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:58:25.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45986",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45986"
},
{
"name": "1025195",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025195"
},
{
"name": "[oss-security] 20110125 Linux kernel av7110 negative array offset",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/01/24/2"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46397"
},
{
"name": "kernel-av7110ca-privilege-escalation(64988)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64988"
},
{
"name": "43009",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43009"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.38-rc2"
},
{
"name": "[oss-security] 20110125 Re: Linux kernel av7110 negative array offset",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/01/25/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=cb26a24ee9706473f31d34cc259f4dcf45cd0644"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The dvb_ca_ioctl function in drivers/media/dvb/ttpci/av7110_ca.c in the Linux kernel before 2.6.38-rc2 does not check the sign of a certain integer field, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a negative value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "45986",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45986"
},
{
"name": "1025195",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025195"
},
{
"name": "[oss-security] 20110125 Linux kernel av7110 negative array offset",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/01/24/2"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46397"
},
{
"name": "kernel-av7110ca-privilege-escalation(64988)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64988"
},
{
"name": "43009",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43009"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.38-rc2"
},
{
"name": "[oss-security] 20110125 Re: Linux kernel av7110 negative array offset",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/01/25/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=cb26a24ee9706473f31d34cc259f4dcf45cd0644"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-0521",
"datePublished": "2011-02-02T22:00:00.000Z",
"dateReserved": "2011-01-20T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:58:25.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…