SB2011051001 - Multiple vulnerabilities in Linux kernel 

Published: May 10, 2011
Updated: August 11, 2020

Security Bulletin ID: SB2011051001
Severity: High
Patch available: YES
Number of vulnerabilities: 7
Exploitation vector: Remote access
Highest impact: Denial of service

Breakdown by Severity

High 14% Medium 71% Low 14%

Description

This security bulletin contains information about 7 security vulnerabilities.


1) NULL pointer dereference (CVE-ID: CVE-2011-1771)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in fs/cifs/file.c in the Linux kernel before 2.6.39, which allows local users to cause a denial of service (NULL pointer dereference and BUG) or possibly have unspecified other impact by setting the O_DIRECT flag during an attempt to open a file on a CIFS filesystem. A remote attacker can perform a denial of service (DoS) attack.


2) Buffer overflow (CVE-ID: CVE-2011-1776)

The vulnerability allows a local non-authenticated attacker to cause a denial of service or obtain sensitive information from kernel heap memory.

The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577.


3) Buffer overflow (CVE-ID: CVE-2011-2534)

The vulnerability allows a local authenticated user to execute arbitrary code.

Buffer overflow in the clusterip_proc_write function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel before 2.6.39 might allow local users to cause a denial of service or have unspecified other impact via a crafted write operation, related to string data that lacks a terminating '\0' character.


4) Information disclosure (CVE-ID: CVE-2011-1173)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.39 on the x86_64 platform allows remote attackers to obtain potentially sensitive information from kernel stack memory by reading uninitialized data in the ah field of an Acorn Universal Networking (AUN) packet.


5) Input validation error (CVE-ID: CVE-2011-1581)

The vulnerability allows a remote non-authenticated attacker to cause a denial of service or possibly have unspecified other impact.

The bond_select_queue function in drivers/net/bonding/bond_main.c in the Linux kernel before 2.6.39, when a network device with a large number of receive queues is installed but the default tx_queues setting is used, does not properly restrict queue indexes, which allows remote attackers to cause a denial of service (BUG and system crash) or possibly have unspecified other impact by sending network traffic.


6) NULL pointer dereference (CVE-ID: CVE-2011-1598)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted release operation.


7) NULL pointer dereference (CVE-ID: CVE-2011-1748)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted release operation.


Remediation

Install the update from the vendor's website.
