Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2012-AVI-046
Vulnerability from certfr_avis - Published: 2012-02-01 - Updated: 2012-02-01
Un grand nombre de vulnérabilités, dont certaines permettent d'exécuter du code arbitraire à distance, sont présentes dans VMware ESX et VMware ESXi.
Description
Un grand nombre de vulnérabilités existe dans VMWare ESX et VMware ESXi dont certaines, particulièrement critiques, peuvent conduire à une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware ESXi 4.1 ;",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESX 4.1.",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUn grand nombre de vuln\u00e9rabilit\u00e9s existe dans VMWare ESX et VMware ESXi\ndont certaines, particuli\u00e8rement critiques, peuvent conduire \u00e0 une\nex\u00e9cution de code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-1170",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1170"
},
{
"name": "CVE-2010-1634",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1634"
},
{
"name": "CVE-2010-2059",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2059"
},
{
"name": "CVE-2011-2901",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2901"
},
{
"name": "CVE-2011-2694",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2694"
},
{
"name": "CVE-2011-2213",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2213"
},
{
"name": "CVE-2010-4649",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4649"
},
{
"name": "CVE-2009-3560",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3560"
},
{
"name": "CVE-2011-1494",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1494"
},
{
"name": "CVE-2011-1044",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1044"
},
{
"name": "CVE-2011-3378",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3378"
},
{
"name": "CVE-2011-2022",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2022"
},
{
"name": "CVE-2011-1080",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1080"
},
{
"name": "CVE-2011-1746",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1746"
},
{
"name": "CVE-2011-0695",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0695"
},
{
"name": "CVE-2011-2522",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2522"
},
{
"name": "CVE-2011-1745",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1745"
},
{
"name": "CVE-2011-1780",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1780"
},
{
"name": "CVE-2011-1078",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1078"
},
{
"name": "CVE-2010-3493",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3493"
},
{
"name": "CVE-2011-1776",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1776"
},
{
"name": "CVE-2011-1171",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1171"
},
{
"name": "CVE-2011-1936",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1936"
},
{
"name": "CVE-2011-1678",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1678"
},
{
"name": "CVE-2011-1593",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1593"
},
{
"name": "CVE-2011-1182",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1182"
},
{
"name": "CVE-2011-1093",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1093"
},
{
"name": "CVE-2011-2517",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2517"
},
{
"name": "CVE-2011-1521",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1521"
},
{
"name": "CVE-2011-1763",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1763"
},
{
"name": "CVE-2011-2192",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2192"
},
{
"name": "CVE-2011-0726",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0726"
},
{
"name": "CVE-2011-1015",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1015"
},
{
"name": "CVE-2011-2492",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2492"
},
{
"name": "CVE-2011-1079",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1079"
},
{
"name": "CVE-2011-2525",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2525"
},
{
"name": "CVE-2011-2482",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2482"
},
{
"name": "CVE-2011-1573",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1573"
},
{
"name": "CVE-2011-1166",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1166"
},
{
"name": "CVE-2011-2689",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2689"
},
{
"name": "CVE-2010-0787",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0787"
},
{
"name": "CVE-2011-1172",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1172"
},
{
"name": "CVE-2011-1163",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1163"
},
{
"name": "CVE-2010-2089",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2089"
},
{
"name": "CVE-2010-0547",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0547"
},
{
"name": "CVE-2009-3720",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3720"
},
{
"name": "CVE-2011-1577",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1577"
},
{
"name": "CVE-2011-2519",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2519"
},
{
"name": "CVE-2011-1495",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1495"
},
{
"name": "CVE-2011-0711",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0711"
},
{
"name": "CVE-2011-2491",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2491"
},
{
"name": "CVE-2011-1576",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1576"
},
{
"name": "CVE-2011-2495",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2495"
}
],
"initial_release_date": "2012-02-01T00:00:00",
"last_revision_date": "2012-02-01T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2012-0001 du 30 janvier 2012 :",
"url": "http://www.vmware.com/security/advisories/VMSA-2012-0001.html"
}
],
"reference": "CERTA-2012-AVI-046",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-02-01T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Un grand nombre de vuln\u00e9rabilit\u00e9s, dont certaines permettent d\u0027ex\u00e9cuter\ndu code arbitraire \u00e0 distance, sont pr\u00e9sentes dans VMware ESX et VMware\nESXi.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans VMware ESX et ESXi",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2012-0001 du 30 janvier 2012",
"url": null
}
]
}
CVE-2011-1170 (GCVE-0-2011-1170)
Vulnerability from cvelistv5 – Published: 2011-06-22 22:00 – Updated: 2024-08-06 22:21
VLAI
EPSS
Summary
net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/8282 | third-party-advisoryx_refsource_SREASON |
| https://bugzilla.redhat.com/show_bug.cgi?id=689321 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2011/0… | mailing-listx_refsource_MLIST |
| http://git.kernel.org/?p=linux/kernel/git/torvald… | x_refsource_CONFIRM |
| http://www.kernel.org/pub/linux/kernel/v2.6/Chang… | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2011-0833.html | vendor-advisoryx_refsource_REDHAT |
| http://marc.info/?l=netfilter-devel&m=12997808100… | mailing-listx_refsource_MLIST |
| http://downloads.avaya.com/css/P8/documents/100145416 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2011/03/21/4 | mailing-listx_refsource_MLIST |
| http://securityreason.com/securityalert/8278 | third-party-advisoryx_refsource_SREASON |
| http://www.openwall.com/lists/oss-security/2011/03/21/1 | mailing-listx_refsource_MLIST |
Date Public
2011-03-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:21:33.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8282",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8282"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=689321"
},
{
"name": "[oss-security] 20110318 CVE request: kernel: netfilter \u0026 econet infoleaks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/18/15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=42eab94fff18cb1091d3501cd284d6bd6cc9c143"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39"
},
{
"name": "RHSA-2011:0833",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-0833.html"
},
{
"name": "[netfilter-devel] 20110310 [PATCH] ipv4: netfilter: arp_tables: fix infoleak to userspace",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=netfilter-devel\u0026m=129978081009955\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.avaya.com/css/P8/documents/100145416"
},
{
"name": "[oss-security] 20110321 Re: CVE request: kernel: netfilter \u0026 econet infoleaks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/21/4"
},
{
"name": "8278",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8278"
},
{
"name": "[oss-security] 20110321 Re: CVE request: kernel: netfilter \u0026 econet infoleaks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/21/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected \u0027\\0\u0027 character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-04-30T14:57:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "8282",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8282"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=689321"
},
{
"name": "[oss-security] 20110318 CVE request: kernel: netfilter \u0026 econet infoleaks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/18/15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=42eab94fff18cb1091d3501cd284d6bd6cc9c143"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39"
},
{
"name": "RHSA-2011:0833",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-0833.html"
},
{
"name": "[netfilter-devel] 20110310 [PATCH] ipv4: netfilter: arp_tables: fix infoleak to userspace",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=netfilter-devel\u0026m=129978081009955\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.avaya.com/css/P8/documents/100145416"
},
{
"name": "[oss-security] 20110321 Re: CVE request: kernel: netfilter \u0026 econet infoleaks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/21/4"
},
{
"name": "8278",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8278"
},
{
"name": "[oss-security] 20110321 Re: CVE request: kernel: netfilter \u0026 econet infoleaks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/21/1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1170",
"datePublished": "2011-06-22T22:00:00.000Z",
"dateReserved": "2011-03-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:21:33.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1171 (GCVE-0-2011-1171)
Vulnerability from cvelistv5 – Published: 2011-06-22 22:00 – Updated: 2024-08-06 22:21
VLAI
EPSS
Summary
net/ipv4/netfilter/ip_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/8283 | third-party-advisoryx_refsource_SREASON |
| http://www.openwall.com/lists/oss-security/2011/0… | mailing-listx_refsource_MLIST |
| https://bugzilla.redhat.com/show_bug.cgi?id=689327 | x_refsource_CONFIRM |
| http://marc.info/?l=linux-kernel&m=129978077609894&w=2 | mailing-listx_refsource_MLIST |
| http://www.kernel.org/pub/linux/kernel/v2.6/Chang… | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2011-0833.html | vendor-advisoryx_refsource_REDHAT |
| http://downloads.avaya.com/css/P8/documents/100145416 | x_refsource_CONFIRM |
| http://git.kernel.org/?p=linux/kernel/git/torvald… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2011/03/21/4 | mailing-listx_refsource_MLIST |
| http://securityreason.com/securityalert/8278 | third-party-advisoryx_refsource_SREASON |
| http://www.openwall.com/lists/oss-security/2011/03/21/1 | mailing-listx_refsource_MLIST |
Date Public
2011-03-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:21:32.228Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8283",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8283"
},
{
"name": "[oss-security] 20110318 CVE request: kernel: netfilter \u0026 econet infoleaks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/18/15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=689327"
},
{
"name": "[linux-kernel] 20110310 [PATCH] ipv4: netfilter: ip_tables: fix infoleak to userspace",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=linux-kernel\u0026m=129978077609894\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39"
},
{
"name": "RHSA-2011:0833",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-0833.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.avaya.com/css/P8/documents/100145416"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=78b79876761b86653df89c48a7010b5cbd41a84a"
},
{
"name": "[oss-security] 20110321 Re: CVE request: kernel: netfilter \u0026 econet infoleaks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/21/4"
},
{
"name": "8278",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8278"
},
{
"name": "[oss-security] 20110321 Re: CVE request: kernel: netfilter \u0026 econet infoleaks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/21/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "net/ipv4/netfilter/ip_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected \u0027\\0\u0027 character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-04-30T14:57:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "8283",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8283"
},
{
"name": "[oss-security] 20110318 CVE request: kernel: netfilter \u0026 econet infoleaks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/18/15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=689327"
},
{
"name": "[linux-kernel] 20110310 [PATCH] ipv4: netfilter: ip_tables: fix infoleak to userspace",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=linux-kernel\u0026m=129978077609894\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39"
},
{
"name": "RHSA-2011:0833",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-0833.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.avaya.com/css/P8/documents/100145416"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=78b79876761b86653df89c48a7010b5cbd41a84a"
},
{
"name": "[oss-security] 20110321 Re: CVE request: kernel: netfilter \u0026 econet infoleaks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/21/4"
},
{
"name": "8278",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8278"
},
{
"name": "[oss-security] 20110321 Re: CVE request: kernel: netfilter \u0026 econet infoleaks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/21/1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1171",
"datePublished": "2011-06-22T22:00:00.000Z",
"dateReserved": "2011-03-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:21:32.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1172 (GCVE-0-2011-1172)
Vulnerability from cvelistv5 – Published: 2011-06-22 22:00 – Updated: 2024-08-06 22:21
VLAI
EPSS
Summary
net/ipv6/netfilter/ip6_tables.c in the IPv6 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2011/0… | mailing-listx_refsource_MLIST |
| http://git.kernel.org/?p=linux/kernel/git/torvald… | x_refsource_CONFIRM |
| http://www.kernel.org/pub/linux/kernel/v2.6/Chang… | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=689345 | x_refsource_CONFIRM |
| http://marc.info/?l=linux-kernel&m=129978086410061&w=2 | mailing-listx_refsource_MLIST |
| http://rhn.redhat.com/errata/RHSA-2011-0833.html | vendor-advisoryx_refsource_REDHAT |
| http://downloads.avaya.com/css/P8/documents/100145416 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2011/03/21/4 | mailing-listx_refsource_MLIST |
| http://securityreason.com/securityalert/8278 | third-party-advisoryx_refsource_SREASON |
| http://www.openwall.com/lists/oss-security/2011/03/21/1 | mailing-listx_refsource_MLIST |
Date Public
2011-03-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:21:32.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110318 CVE request: kernel: netfilter \u0026 econet infoleaks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/18/15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6a8ab060779779de8aea92ce3337ca348f973f54"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=689345"
},
{
"name": "[linux-kernel] 20110310 [PATCH] ipv6: netfilter: ip6_tables: fix infoleak to userspace",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=linux-kernel\u0026m=129978086410061\u0026w=2"
},
{
"name": "RHSA-2011:0833",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-0833.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.avaya.com/css/P8/documents/100145416"
},
{
"name": "[oss-security] 20110321 Re: CVE request: kernel: netfilter \u0026 econet infoleaks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/21/4"
},
{
"name": "8278",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8278"
},
{
"name": "[oss-security] 20110321 Re: CVE request: kernel: netfilter \u0026 econet infoleaks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/21/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "net/ipv6/netfilter/ip6_tables.c in the IPv6 implementation in the Linux kernel before 2.6.39 does not place the expected \u0027\\0\u0027 character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-04-30T14:57:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20110318 CVE request: kernel: netfilter \u0026 econet infoleaks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/18/15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6a8ab060779779de8aea92ce3337ca348f973f54"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=689345"
},
{
"name": "[linux-kernel] 20110310 [PATCH] ipv6: netfilter: ip6_tables: fix infoleak to userspace",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=linux-kernel\u0026m=129978086410061\u0026w=2"
},
{
"name": "RHSA-2011:0833",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-0833.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.avaya.com/css/P8/documents/100145416"
},
{
"name": "[oss-security] 20110321 Re: CVE request: kernel: netfilter \u0026 econet infoleaks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/21/4"
},
{
"name": "8278",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8278"
},
{
"name": "[oss-security] 20110321 Re: CVE request: kernel: netfilter \u0026 econet infoleaks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/21/1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1172",
"datePublished": "2011-06-22T22:00:00.000Z",
"dateReserved": "2011-03-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:21:32.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1182 (GCVE-0-2011-1182)
Vulnerability from cvelistv5 – Published: 2013-03-01 11:00 – Updated: 2024-08-06 22:21
VLAI
EPSS
Summary
kernel/signal.c in the Linux kernel before 2.6.39 allows local users to spoof the uid and pid of a signal sender via a sigqueueinfo system call.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2011/03/23/2 | mailing-listx_refsource_MLIST |
| http://rhn.redhat.com/errata/RHSA-2011-0927.html | vendor-advisoryx_refsource_REDHAT |
| http://ftp.osuosl.org/pub/linux/kernel/v2.6/Chang… | x_refsource_CONFIRM |
| https://github.com/torvalds/linux/commit/da48524e… | x_refsource_CONFIRM |
| http://git.kernel.org/?p=linux/kernel/git/torvald… | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=690028 | x_refsource_CONFIRM |
Date Public
2011-03-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:21:32.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110323 Re: Linux kernel signal spoofing vulnerability (CVE request)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/2"
},
{
"name": "RHSA-2011:0927",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-0927.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/da48524eb20662618854bb3df2db01fc65f3070c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=da48524eb20662618854bb3df2db01fc65f3070c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=690028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "kernel/signal.c in the Linux kernel before 2.6.39 allows local users to spoof the uid and pid of a signal sender via a sigqueueinfo system call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-07T19:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20110323 Re: Linux kernel signal spoofing vulnerability (CVE request)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/03/23/2"
},
{
"name": "RHSA-2011:0927",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-0927.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/da48524eb20662618854bb3df2db01fc65f3070c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=da48524eb20662618854bb3df2db01fc65f3070c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=690028"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1182",
"datePublished": "2013-03-01T11:00:00.000Z",
"dateReserved": "2011-03-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:21:32.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1494 (GCVE-0-2011-1494)
Vulnerability from cvelistv5 – Published: 2011-05-03 19:00 – Updated: 2024-08-06 22:28
VLAI
EPSS
Summary
Integer overflow in the _ctl_do_mpt_command function in drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier might allow local users to gain privileges or cause a denial of service (memory corruption) via an ioctl call specifying a crafted value that triggers a heap-based buffer overflow.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://lkml.org/lkml/2011/4/5/327 | mailing-listx_refsource_MLIST |
| http://openwall.com/lists/oss-security/2011/04/05/32 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/archive/1/520102/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/46397 | third-party-advisoryx_refsource_SECUNIA |
| https://bugzilla.redhat.com/show_bug.cgi?id=694021 | x_refsource_CONFIRM |
| http://openwall.com/lists/oss-security/2011/04/06/2 | mailing-listx_refsource_MLIST |
| https://patchwork.kernel.org/patch/688021/ | x_refsource_CONFIRM |
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2011-0833.html | vendor-advisoryx_refsource_REDHAT |
| http://downloads.avaya.com/css/P8/documents/100145416 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/47185 | vdb-entryx_refsource_BID |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
Date Public
2011-04-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.770Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[linux-kernel] 20110405 [PATCH] drivers/scsi/mpt2sas: prevent heap overflows and unchecked reads",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lkml.org/lkml/2011/4/5/327"
},
{
"name": "[oss-security] 20110405 CVE request: kernel: two issues in mpt2sas",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/04/05/32"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46397"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694021"
},
{
"name": "[oss-security] 20110406 Re: CVE request: kernel: two issues in mpt2sas",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/04/06/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://patchwork.kernel.org/patch/688021/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "RHSA-2011:0833",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-0833.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.avaya.com/css/P8/documents/100145416"
},
{
"name": "47185",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47185"
},
{
"name": "SUSE-SU-2015:0812",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-04-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the _ctl_do_mpt_command function in drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier might allow local users to gain privileges or cause a denial of service (memory corruption) via an ioctl call specifying a crafted value that triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[linux-kernel] 20110405 [PATCH] drivers/scsi/mpt2sas: prevent heap overflows and unchecked reads",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lkml.org/lkml/2011/4/5/327"
},
{
"name": "[oss-security] 20110405 CVE request: kernel: two issues in mpt2sas",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/04/05/32"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46397"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694021"
},
{
"name": "[oss-security] 20110406 Re: CVE request: kernel: two issues in mpt2sas",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/04/06/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://patchwork.kernel.org/patch/688021/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "RHSA-2011:0833",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-0833.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.avaya.com/css/P8/documents/100145416"
},
{
"name": "47185",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47185"
},
{
"name": "SUSE-SU-2015:0812",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1494",
"datePublished": "2011-05-03T19:00:00.000Z",
"dateReserved": "2011-03-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:28:41.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1495 (GCVE-0-2011-1495)
Vulnerability from cvelistv5 – Published: 2011-05-03 19:00 – Updated: 2024-08-06 22:28
VLAI
EPSS
Summary
drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier does not validate (1) length and (2) offset values before performing memory copy operations, which might allow local users to gain privileges, cause a denial of service (memory corruption), or obtain sensitive information from kernel memory via a crafted ioctl call, related to the _ctl_do_mpt_command and _ctl_diag_read_buffer functions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://lkml.org/lkml/2011/4/5/327 | mailing-listx_refsource_MLIST |
| http://openwall.com/lists/oss-security/2011/04/05/32 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/archive/1/520102/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/46397 | third-party-advisoryx_refsource_SECUNIA |
| https://bugzilla.redhat.com/show_bug.cgi?id=694021 | x_refsource_CONFIRM |
| http://openwall.com/lists/oss-security/2011/04/06/2 | mailing-listx_refsource_MLIST |
| https://patchwork.kernel.org/patch/688021/ | x_refsource_CONFIRM |
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2011-0833.html | vendor-advisoryx_refsource_REDHAT |
| http://downloads.avaya.com/css/P8/documents/100145416 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/47185 | vdb-entryx_refsource_BID |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
Date Public
2011-04-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[linux-kernel] 20110405 [PATCH] drivers/scsi/mpt2sas: prevent heap overflows and unchecked reads",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lkml.org/lkml/2011/4/5/327"
},
{
"name": "[oss-security] 20110405 CVE request: kernel: two issues in mpt2sas",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/04/05/32"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46397"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694021"
},
{
"name": "[oss-security] 20110406 Re: CVE request: kernel: two issues in mpt2sas",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/04/06/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://patchwork.kernel.org/patch/688021/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "RHSA-2011:0833",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-0833.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.avaya.com/css/P8/documents/100145416"
},
{
"name": "47185",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47185"
},
{
"name": "SUSE-SU-2015:0812",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-04-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier does not validate (1) length and (2) offset values before performing memory copy operations, which might allow local users to gain privileges, cause a denial of service (memory corruption), or obtain sensitive information from kernel memory via a crafted ioctl call, related to the _ctl_do_mpt_command and _ctl_diag_read_buffer functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[linux-kernel] 20110405 [PATCH] drivers/scsi/mpt2sas: prevent heap overflows and unchecked reads",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lkml.org/lkml/2011/4/5/327"
},
{
"name": "[oss-security] 20110405 CVE request: kernel: two issues in mpt2sas",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/04/05/32"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46397"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694021"
},
{
"name": "[oss-security] 20110406 Re: CVE request: kernel: two issues in mpt2sas",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/04/06/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://patchwork.kernel.org/patch/688021/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "RHSA-2011:0833",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-0833.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.avaya.com/css/P8/documents/100145416"
},
{
"name": "47185",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47185"
},
{
"name": "SUSE-SU-2015:0812",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1495",
"datePublished": "2011-05-03T19:00:00.000Z",
"dateReserved": "2011-03-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:28:41.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1521 (GCVE-0-2011-1521)
Vulnerability from cvelistv5 – Published: 2011-05-24 23:00 – Updated: 2024-08-06 22:28
VLAI
EPSS
Summary
The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
26 references
Date Public
2011-03-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110916 Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/09/15/5"
},
{
"name": "MDVSA-2011:096",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:096"
},
{
"name": "SUSE-SR:2011:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.python.org/cpython/rev/b2934d98dac1/"
},
{
"name": "USN-1592-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1592-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.python.org/cpython/rev/96a6c128822b/"
},
{
"name": "51040",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51040"
},
{
"name": "50858",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50858"
},
{
"name": "APPLE-SA-2011-10-12-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.python.org/issue11662"
},
{
"name": "[oss-security] 20110324 CVE Request -- Python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/24/5"
},
{
"name": "[oss-security] 20110328 Re: CVE Request -- Python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/03/28/2"
},
{
"name": "1025488",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025488"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.python.org/cpython/file/96a6c128822b/Misc/NEWS"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=690560"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=737366"
},
{
"name": "USN-1596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1596-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.python.org/cpython/file/b2934d98dac1/Misc/NEWS"
},
{
"name": "[oss-security] 20110911 CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/09/11/1"
},
{
"name": "USN-1613-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1613-2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5002"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.djangoproject.com/weblog/2011/sep/10/127/"
},
{
"name": "51024",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51024"
},
{
"name": "USN-1613-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1613-1"
},
{
"name": "[oss-security] 20110913 Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/09/13/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.djangoproject.com/weblog/2011/sep/09/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-10T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20110916 Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/09/15/5"
},
{
"name": "MDVSA-2011:096",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:096"
},
{
"name": "SUSE-SR:2011:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.python.org/cpython/rev/b2934d98dac1/"
},
{
"name": "USN-1592-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1592-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.python.org/cpython/rev/96a6c128822b/"
},
{
"name": "51040",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51040"
},
{
"name": "50858",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50858"
},
{
"name": "APPLE-SA-2011-10-12-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.python.org/issue11662"
},
{
"name": "[oss-security] 20110324 CVE Request -- Python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/24/5"
},
{
"name": "[oss-security] 20110328 Re: CVE Request -- Python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/03/28/2"
},
{
"name": "1025488",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025488"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.python.org/cpython/file/96a6c128822b/Misc/NEWS"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=690560"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=737366"
},
{
"name": "USN-1596-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1596-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.python.org/cpython/file/b2934d98dac1/Misc/NEWS"
},
{
"name": "[oss-security] 20110911 CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/09/11/1"
},
{
"name": "USN-1613-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1613-2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5002"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.djangoproject.com/weblog/2011/sep/10/127/"
},
{
"name": "51024",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51024"
},
{
"name": "USN-1613-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1613-1"
},
{
"name": "[oss-security] 20110913 Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/09/13/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.djangoproject.com/weblog/2011/sep/09/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1521",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110916 Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/09/15/5"
},
{
"name": "MDVSA-2011:096",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:096"
},
{
"name": "SUSE-SR:2011:009",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"name": "http://hg.python.org/cpython/rev/b2934d98dac1/",
"refsource": "CONFIRM",
"url": "http://hg.python.org/cpython/rev/b2934d98dac1/"
},
{
"name": "USN-1592-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1592-1"
},
{
"name": "http://hg.python.org/cpython/rev/96a6c128822b/",
"refsource": "CONFIRM",
"url": "http://hg.python.org/cpython/rev/96a6c128822b/"
},
{
"name": "51040",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51040"
},
{
"name": "50858",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50858"
},
{
"name": "APPLE-SA-2011-10-12-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "http://bugs.python.org/issue11662",
"refsource": "CONFIRM",
"url": "http://bugs.python.org/issue11662"
},
{
"name": "[oss-security] 20110324 CVE Request -- Python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/24/5"
},
{
"name": "[oss-security] 20110328 Re: CVE Request -- Python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/28/2"
},
{
"name": "1025488",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025488"
},
{
"name": "http://hg.python.org/cpython/file/96a6c128822b/Misc/NEWS",
"refsource": "CONFIRM",
"url": "http://hg.python.org/cpython/file/96a6c128822b/Misc/NEWS"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=690560",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=690560"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=737366",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=737366"
},
{
"name": "USN-1596-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1596-1"
},
{
"name": "http://hg.python.org/cpython/file/b2934d98dac1/Misc/NEWS",
"refsource": "CONFIRM",
"url": "http://hg.python.org/cpython/file/b2934d98dac1/Misc/NEWS"
},
{
"name": "[oss-security] 20110911 CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/09/11/1"
},
{
"name": "USN-1613-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1613-2"
},
{
"name": "http://support.apple.com/kb/HT5002",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "https://www.djangoproject.com/weblog/2011/sep/10/127/",
"refsource": "CONFIRM",
"url": "https://www.djangoproject.com/weblog/2011/sep/10/127/"
},
{
"name": "51024",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51024"
},
{
"name": "USN-1613-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1613-1"
},
{
"name": "[oss-security] 20110913 Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/09/13/2"
},
{
"name": "https://www.djangoproject.com/weblog/2011/sep/09/",
"refsource": "CONFIRM",
"url": "https://www.djangoproject.com/weblog/2011/sep/09/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1521",
"datePublished": "2011-05-24T23:00:00.000Z",
"dateReserved": "2011-03-28T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:28:41.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1573 (GCVE-0-2011-1573)
Vulnerability from cvelistv5 – Published: 2012-02-02 02:00 – Updated: 2024-08-06 22:28
VLAI
EPSS
Summary
net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip_enable and auth_enable are used, does not consider the amount of zero padding during calculation of chunk lengths for (1) INIT and (2) INIT ACK chunks, which allows remote attackers to cause a denial of service (OOPS) via crafted packet data.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://rhn.redhat.com/errata/RHSA-2011-0927.html | vendor-advisoryx_refsource_REDHAT |
| http://mirror.anl.gov/pub/linux/kernel/v2.6/Chang… | x_refsource_CONFIRM |
| http://openwall.com/lists/oss-security/2011/04/11/12 | mailing-listx_refsource_MLIST |
| https://bugzilla.redhat.com/show_bug.cgi?id=695383 | x_refsource_CONFIRM |
| http://openwall.com/lists/oss-security/2011/04/11/4 | mailing-listx_refsource_MLIST |
| http://git.kernel.org/?p=linux/kernel/git/torvald… | x_refsource_CONFIRM |
Date Public
2010-05-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2011:0927",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-0927.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mirror.anl.gov/pub/linux/kernel/v2.6/ChangeLog-2.6.34"
},
{
"name": "[oss-security] 20110411 Re: CVE request - kernel: sctp: fix to calc the INIT/INIT-ACK chunk length correctly to set",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/04/11/12"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=695383"
},
{
"name": "[oss-security] 20110411 CVE request - kernel: sctp: fix to calc the INIT/INIT-ACK chunk length correctly to set",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/04/11/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a8170c35e738d62e9919ce5b109cf4ed66e95bde"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip_enable and auth_enable are used, does not consider the amount of zero padding during calculation of chunk lengths for (1) INIT and (2) INIT ACK chunks, which allows remote attackers to cause a denial of service (OOPS) via crafted packet data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-07T19:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2011:0927",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-0927.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mirror.anl.gov/pub/linux/kernel/v2.6/ChangeLog-2.6.34"
},
{
"name": "[oss-security] 20110411 Re: CVE request - kernel: sctp: fix to calc the INIT/INIT-ACK chunk length correctly to set",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/04/11/12"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=695383"
},
{
"name": "[oss-security] 20110411 CVE request - kernel: sctp: fix to calc the INIT/INIT-ACK chunk length correctly to set",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/04/11/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a8170c35e738d62e9919ce5b109cf4ed66e95bde"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1573",
"datePublished": "2012-02-02T02:00:00.000Z",
"dateReserved": "2011-04-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:28:41.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1576 (GCVE-0-2011-1576)
Vulnerability from cvelistv5 – Published: 2011-08-31 23:00 – Updated: 2024-08-06 22:28
VLAI
EPSS
Summary
The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5 and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor and other products, allows remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/48907 | vdb-entryx_refsource_BID |
| http://www.redhat.com/support/errata/RHSA-2011-11… | vendor-advisoryx_refsource_REDHAT |
| http://rhn.redhat.com/errata/RHSA-2011-0927.html | vendor-advisoryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=695173 | x_refsource_CONFIRM |
| http://www.redhat.com/support/errata/RHSA-2011-10… | vendor-advisoryx_refsource_REDHAT |
| http://www.securitytracker.com/id?1025853 | vdb-entryx_refsource_SECTRACK |
Date Public
2011-07-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.877Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "48907",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48907"
},
{
"name": "RHSA-2011:1106",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1106.html"
},
{
"name": "RHSA-2011:0927",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-0927.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=695173"
},
{
"name": "RHSA-2011:1090",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1090.html"
},
{
"name": "1025853",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025853"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-07-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5 and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor and other products, allows remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-07T19:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "48907",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48907"
},
{
"name": "RHSA-2011:1106",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1106.html"
},
{
"name": "RHSA-2011:0927",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-0927.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=695173"
},
{
"name": "RHSA-2011:1090",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1090.html"
},
{
"name": "1025853",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025853"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1576",
"datePublished": "2011-08-31T23:00:00.000Z",
"dateReserved": "2011-04-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:28:41.877Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1577 (GCVE-0-2011-1577)
Vulnerability from cvelistv5 – Published: 2011-05-03 19:00 – Updated: 2024-08-06 22:28
VLAI
EPSS
Summary
Heap-based buffer overflow in the is_gpt_valid function in fs/partitions/efi.c in the Linux kernel 2.6.38 and earlier allows physically proximate attackers to cause a denial of service (OOPS) or possibly have unspecified other impact via a crafted size of the EFI GUID partition-table header on removable media.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securitytracker.com/id?1025355 | vdb-entryx_refsource_SECTRACK |
| https://bugzilla.redhat.com/show_bug.cgi?id=695976 | x_refsource_CONFIRM |
| http://openwall.com/lists/oss-security/2011/04/13/1 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/47343 | vdb-entryx_refsource_BID |
| http://rhn.redhat.com/errata/RHSA-2011-0833.html | vendor-advisoryx_refsource_REDHAT |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://securityreason.com/securityalert/8238 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/archive/1/517477/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.spinics.net/lists/mm-commits/msg83274.html | mailing-listx_refsource_MLIST |
| http://downloads.avaya.com/css/P8/documents/100145416 | x_refsource_CONFIRM |
| http://openwall.com/lists/oss-security/2011/04/12/17 | mailing-listx_refsource_MLIST |
Date Public
2011-04-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.821Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "kernel-guid-dos(66773)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66773"
},
{
"name": "1025355",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025355"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=695976"
},
{
"name": "[oss-security] 20110413 Re: CVE Request: kernel: fs/partitions: Corrupted GUID partition tables can cause kernel oops",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/04/13/1"
},
{
"name": "47343",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47343"
},
{
"name": "RHSA-2011:0833",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-0833.html"
},
{
"name": "FEDORA-2011-7823",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061236.html"
},
{
"name": "8238",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8238"
},
{
"name": "20110413 [PRE-SA-2011-03] Denial-of-service vulnerability in EFI partition handling code of the Linux kernel",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/517477/100/0/threaded"
},
{
"name": "[mm-commits] 20110412 + fs-partitions-efic-corrupted-guid-partition-tables-can-cause-kernel-oops.patch added to -mm tree",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.spinics.net/lists/mm-commits/msg83274.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.avaya.com/css/P8/documents/100145416"
},
{
"name": "[oss-security] 20110412 CVE Request: kernel: fs/partitions: Corrupted GUID partition tables can cause kernel oops",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/04/12/17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-04-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the is_gpt_valid function in fs/partitions/efi.c in the Linux kernel 2.6.38 and earlier allows physically proximate attackers to cause a denial of service (OOPS) or possibly have unspecified other impact via a crafted size of the EFI GUID partition-table header on removable media."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "kernel-guid-dos(66773)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66773"
},
{
"name": "1025355",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025355"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=695976"
},
{
"name": "[oss-security] 20110413 Re: CVE Request: kernel: fs/partitions: Corrupted GUID partition tables can cause kernel oops",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/04/13/1"
},
{
"name": "47343",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47343"
},
{
"name": "RHSA-2011:0833",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-0833.html"
},
{
"name": "FEDORA-2011-7823",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061236.html"
},
{
"name": "8238",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8238"
},
{
"name": "20110413 [PRE-SA-2011-03] Denial-of-service vulnerability in EFI partition handling code of the Linux kernel",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/517477/100/0/threaded"
},
{
"name": "[mm-commits] 20110412 + fs-partitions-efic-corrupted-guid-partition-tables-can-cause-kernel-oops.patch added to -mm tree",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.spinics.net/lists/mm-commits/msg83274.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.avaya.com/css/P8/documents/100145416"
},
{
"name": "[oss-security] 20110412 CVE Request: kernel: fs/partitions: Corrupted GUID partition tables can cause kernel oops",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/04/12/17"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1577",
"datePublished": "2011-05-03T19:00:00.000Z",
"dateReserved": "2011-04-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:28:41.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…