Executive Summary

Informations
Name CVE-2011-1768 First vendor Publication 2012-06-13
Vendor Cve Last vendor Modification 2023-02-13

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:N/I:N/A:C)
Cvss Base Score 5.4 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity High
Cvss Expoit Score 4.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The tunnels implementation in the Linux kernel before 2.6.34, when tunnel functionality is configured as a module, allows remote attackers to cause a denial of service (OOPS) by sending a packet during module loading.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1768

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-362 Race Condition

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:14248
 
Oval ID: oval:org.mitre.oval:def:14248
Title: DSA-2303-1 linux-2.6 -- privilege escalation/denial of service/information leak
Description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-1020 Kees Cook discovered an issue in the /proc filesystem that allows local users to gain access to sensitive process information after execution of a setuid binary. CVE-2011-1576 Ryan Sweat discovered an issue in the VLAN implementation. Local users may be able to cause a kernel memory leak, resulting in a denial of service. CVE-2011-2484 Vasiliy Kulikov of Openwall discovered that the number of exit handlers that a process can register is not capped, resulting in local denial of service through resource exhaustion. CVE-2011-2491 Vasily Averin discovered an issue with the NFS locking implementation. A malicious NFS server can cause a client to hang indefinitely in an unlock call. CVE-2011-2492 Marek Kroemeke and Filip Palian discovered that uninitialised struct elements in the Bluetooth subsystem could lead to a leak of sensitive kernel memory through leaked stack memory. CVE-2011-2495 Vasiliy Kulikov of Openwall discovered that the io file of a process" proc directory was world-readable, resulting in local information disclosure of information such as password lengths. CVE-2011-2496 Robert Swiecki discovered that mremap could be abused for local denial of service by triggering a BUG_ON assert. CVE-2011-2497 Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem, which could lead to denial of service or privilege escalation. CVE-2011-2517 It was discovered that the netlink-based wireless configuration interface performed insufficient length validation when parsing SSIDs, resulting in buffer overflows. Local users with the CAP_NET_ADMIN capability can cause a denial of service. CVE-2011-2525 Ben Pfaff reported an issue in the network scheduling code. A local user could cause a denial of service by sending a specially crafted netlink message. CVE-2011-2700 Mauro Carvalho Chehab of Red Hat reported a buffer overflow issue in the driver for the Si4713 FM Radio Transmitter driver used by N900 devices. Local users could exploit this issue to cause a denial of service or potentially gain elevated privileges. CVE-2011-2723 Brent Meshier reported an issue in the GRO implementation. This can be exploited by remote users to create a denial of service in certain network device configurations. CVE-2011-2905 Christian Ohm discovered that the "perf" analysis tool searches for its config files in the current working directory. This could lead to denial of service or potential privilege escalation if a user with elevated privileges is tricked into running "perf" in a directory under the control of the attacker. CVE-2011-2909 Vasiliy Kulikov of Openwall discovered that a programming error in the Comedi driver could lead to the information disclosure through leaked stack memory. CVE-2011-2918 Vince Weaver discovered that incorrect handling of software event overflows in the "perf" analysis tool could lead to local denial of service. CVE-2011-2928 Timo Warns discovered that insufficient validation of Be filesystem images could lead to local denial of service if a malformed filesystem image is mounted. CVE-2011-3188 Dan Kaminsky reported a weakness of the sequence number generation in the TCP protocol implementation. This can be used by remote attackers to inject packets into an active session. CVE-2011-3191 Darren Lavender reported an issue in the Common Internet File System. A malicious file server could cause memory corruption leading to a denial of service. This update also includes a fix for a regression introduced with the previous security fix for CVE-2011-1768
Family: unix Class: patch
Reference(s): DSA-2303-1
CVE-2011-1020
CVE-2011-1576
CVE-2011-2484
CVE-2011-2491
CVE-2011-2492
CVE-2011-2495
CVE-2011-2496
CVE-2011-2497
CVE-2011-2517
CVE-2011-2525
CVE-2011-2700
CVE-2011-2723
CVE-2011-2905
CVE-2011-2909
CVE-2011-2918
CVE-2011-2928
CVE-2011-3188
CVE-2011-3191
CVE-2011-1768
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): linux-2.6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14257
 
Oval ID: oval:org.mitre.oval:def:14257
Title: DSA-2310-1 linux-2.6 -- privilege escalation/denial of service/information leak
Description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-4067 Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the auerswald module, a driver for Auerswald PBX/System Telephone USB devices. Attackers with physical access to a system's USB ports could obtain elevated privileges using a specially crafted USB device. CVE-2011-0712 Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the caiaq module, a USB driver for Native Instruments USB audio devices. Attackers with physical access to a system's USB ports could obtain elevated privileges using a specially crafted USB device. CVE-2011-1020 Kees Cook discovered an issue in the /proc filesystem that allows local users to gain access to sensitive process information after execution of a setuid binary. CVE-2011-2209 Dan Rosenberg discovered an issue in the osf_sysinfo system call on the alpha architecture. Local users could obtain access to sensitive kernel memory. CVE-2011-2211 Dan Rosenberg discovered an issue in the osf_wait4 system call on the alpha architecture permitting local users to gain elevated privileges. CVE-2011-2213 Dan Rosenberg discovered an issue in the INET socket monitoring interface. Local users could cause a denial of service by injecting code and causing the kernel to execute an infinite loop. CVE-2011-2484 Vasiliy Kulikov of Openwall discovered that the number of exit handlers that a process can register is not capped, resulting in local denial of service through resource exhaustion. CVE-2011-2491 Vasily Averin discovered an issue with the NFS locking implementation. A malicious NFS server can cause a client to hang indefinitely in an unlock call. CVE-2011-2492 Marek Kroemeke and Filip Palian discovered that uninitialised struct elements in the Bluetooth subsystem could lead to a leak of sensitive kernel memory through leaked stack memory. CVE-2011-2495 Vasiliy Kulikov of Openwall discovered that the io file of a process" proc directory was world-readable, resulting in local information disclosure of information such as password lengths. CVE-2011-2496 Robert Swiecki discovered that mremap could be abused for local denial of service by triggering a BUG_ON assert. CVE-2011-2497 Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem, which could lead to denial of service or privilege escalation. CVE-2011-2525 Ben Pfaff reported an issue in the network scheduling code. A local user could cause a denial of service by sending a specially crafted netlink message. CVE-2011-2928 Timo Warns discovered that insufficient validation of Be filesystem images could lead to local denial of service if a malformed filesystem image is mounted. CVE-2011-3188 Dan Kaminsky reported a weakness of the sequence number generation in the TCP protocol implementation. This can be used by remote attackers to inject packets into an active session. CVE-2011-3191 Darren Lavender reported an issue in the Common Internet File System. A malicious file server could cause memory corruption leading to a denial of service. This update also includes a fix for a regression introduced with the previous security fix for CVE-2011-1768
Family: unix Class: patch
Reference(s): DSA-2310-1
CVE-2009-4067
CVE-2011-0712
CVE-2011-1020
CVE-2011-2209
CVE-2011-2211
CVE-2011-2213
CVE-2011-2484
CVE-2011-2491
CVE-2011-2492
CVE-2011-2495
CVE-2011-2496
CVE-2011-2497
CVE-2011-2525
CVE-2011-2928
CVE-2011-3188
CVE-2011-3191
CVE-2011-1768
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): linux-2.6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14888
 
Oval ID: oval:org.mitre.oval:def:14888
Title: DSA-2303-2 linux-2.6 -- privilege escalation/denial of service/information leak
Description: The linux-2.6 and user-mode-linux upgrades from DSA-2303-1 has caused a regression that can result in an oops during invalid accesses to /proc/<pid>/maps files. The text of the original advisory is reproduced for reference: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-1020 Kees Cook discovered an issue in the /proc filesystem that allows local users to gain access to sensitive process information after execution of a setuid binary. CVE-2011-1576 Ryan Sweat discovered an issue in the VLAN implementation. Local users may be able to cause a kernel memory leak, resulting in a denial of service. CVE-2011-2484 Vasiliy Kulikov of Openwall discovered that the number of exit handlers that a process can register is not capped, resulting in local denial of service through resource exhaustion. CVE-2011-2491 Vasily Averin discovered an issue with the NFS locking implementation. A malicious NFS server can cause a client to hang indefinitely in an unlock call. CVE-2011-2492 Marek Kroemeke and Filip Palian discovered that uninitialised struct elements in the Bluetooth subsystem could lead to a leak of sensitive kernel memory through leaked stack memory. CVE-2011-2495 Vasiliy Kulikov of Openwall discovered that the io file of a process" proc directory was world-readable, resulting in local information disclosure of information such as password lengths. CVE-2011-2496 Robert Swiecki discovered that mremap could be abused for local denial of service by triggering a BUG_ON assert. CVE-2011-2497 Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem, which could lead to denial of service or privilege escalation. CVE-2011-2517 It was discovered that the netlink-based wireless configuration interface performed insufficient length validation when parsing SSIDs, resulting in buffer overflows. Local users with the CAP_NET_ADMIN capability can cause a denial of service. CVE-2011-2525 Ben Pfaff reported an issue in the network scheduling code. A local user could cause a denial of service by sending a specially crafted netlink message. CVE-2011-2700 Mauro Carvalho Chehab of Red Hat reported a buffer overflow issue in the driver for the Si4713 FM Radio Transmitter driver used by N900 devices. Local users could exploit this issue to cause a denial of service or potentially gain elevated privileges. CVE-2011-2723 Brent Meshier reported an issue in the GRO implementation. This can be exploited by remote users to create a denial of service in certain network device configurations. CVE-2011-2905 Christian Ohm discovered that the "perf" analysis tool searches for its config files in the current working directory. This could lead to denial of service or potential privilege escalation if a user with elevated privileges is tricked into running "perf" in a directory under the control of the attacker. CVE-2011-2909 Vasiliy Kulikov of Openwall discovered that a programming error in the Comedi driver could lead to the information disclosure through leaked stack memory. CVE-2011-2918 Vince Weaver discovered that incorrect handling of software event overflows in the "perf" analysis tool could lead to local denial of service. CVE-2011-2928 Timo Warns discovered that insufficient validation of Be filesystem images could lead to local denial of service if a malformed filesystem image is mounted. CVE-2011-3188 Dan Kaminsky reported a weakness of the sequence number generation in the TCP protocol implementation. This can be used by remote attackers to inject packets into an active session. CVE-2011-3191 Darren Lavender reported an issue in the Common Internet File System. A malicious file server could cause memory corruption leading to a denial of service. This update also includes a fix for a regression introduced with the previous security fix for CVE-2011-1768
Family: unix Class: patch
Reference(s): DSA-2303-2
CVE-2011-1020
CVE-2011-1576
CVE-2011-2484
CVE-2011-2491
CVE-2011-2492
CVE-2011-2495
CVE-2011-2496
CVE-2011-2497
CVE-2011-2517
CVE-2011-2525
CVE-2011-2700
CVE-2011-2723
CVE-2011-2905
CVE-2011-2909
CVE-2011-2918
CVE-2011-2928
CVE-2011-3188
CVE-2011-3191
CVE-2011-1768
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): linux-2.6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27903
 
Oval ID: oval:org.mitre.oval:def:27903
Title: ELSA-2011-2021 -- Oracle Linux 6 Unbreakable Enterprise kernel security fix update (moderate)
Description: [2.6.32-100.37.1.el6uek] - [net] gre: fix netns vs proto registration ordering {CVE-2011-1767} - [net] tunnels: fix netns vs proto registration ordering {CVE-2011-1768}
Family: unix Class: patch
Reference(s): ELSA-2011-2021
CVE-2011-1767
CVE-2011-1768
Version: 5
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): kernel-uek
ofa
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 1290

OpenVAS Exploits

Date Description
2012-06-06 Name : RedHat Update for kernel RHSA-2011:0928-01
File : nvt/gb_RHSA-2011_0928-01_kernel.nasl
2011-11-25 Name : Ubuntu Update for linux USN-1268-1
File : nvt/gb_ubuntu_USN_1268_1.nasl
2011-11-25 Name : Ubuntu Update for linux-fsl-imx51 USN-1271-1
File : nvt/gb_ubuntu_USN_1271_1.nasl
2011-11-11 Name : Ubuntu Update for linux-lts-backport-natty USN-1256-1
File : nvt/gb_ubuntu_USN_1256_1.nasl
2011-08-03 Name : Debian Security Advisory DSA 2264-1 (linux-2.6)
File : nvt/deb_2264_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
74652 Linux Kernel ip_gre Module ipgre_init() Function Namespaces Setup Race Condit...

Nessus® Vulnerability Scanner

Date Description
2014-07-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1253.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0928.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-2021.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-2024.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1042.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110712_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2011-11-22 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1268-1.nasl - Type : ACT_GATHER_INFO
2011-11-22 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1271-1.nasl - Type : ACT_GATHER_INFO
2011-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1256-1.nasl - Type : ACT_GATHER_INFO
2011-09-30 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1218-1.nasl - Type : ACT_GATHER_INFO
2011-09-27 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1216-1.nasl - Type : ACT_GATHER_INFO
2011-09-26 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2310.nasl - Type : ACT_GATHER_INFO
2011-09-15 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1208-1.nasl - Type : ACT_GATHER_INFO
2011-09-14 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1203-1.nasl - Type : ACT_GATHER_INFO
2011-09-09 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2303.nasl - Type : ACT_GATHER_INFO
2011-07-13 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0928.nasl - Type : ACT_GATHER_INFO
2011-06-20 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2264.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
CONFIRM http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34
https://bugzilla.redhat.com/show_bug.cgi?id=702303
https://github.com/torvalds/linux/commit/d5aa407f59f5b83d2c50ec88f5bf56d40f1f...
MISC http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3...
MLIST http://www.openwall.com/lists/oss-security/2011/05/05/6

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
Date Informations
2024-02-02 01:16:00
  • Multiple Updates
2024-02-01 12:04:33
  • Multiple Updates
2023-09-05 12:14:58
  • Multiple Updates
2023-09-05 01:04:25
  • Multiple Updates
2023-09-02 12:15:02
  • Multiple Updates
2023-09-02 01:04:29
  • Multiple Updates
2023-08-12 12:18:11
  • Multiple Updates
2023-08-12 01:04:30
  • Multiple Updates
2023-08-11 12:15:07
  • Multiple Updates
2023-08-11 01:04:37
  • Multiple Updates
2023-08-06 12:14:32
  • Multiple Updates
2023-08-06 01:04:30
  • Multiple Updates
2023-08-04 12:14:37
  • Multiple Updates
2023-08-04 01:04:31
  • Multiple Updates
2023-07-14 12:14:36
  • Multiple Updates
2023-07-14 01:04:28
  • Multiple Updates
2023-03-29 01:16:31
  • Multiple Updates
2023-03-28 12:04:35
  • Multiple Updates
2023-02-13 09:28:47
  • Multiple Updates
2022-10-11 12:13:01
  • Multiple Updates
2022-10-11 01:04:14
  • Multiple Updates
2022-03-11 01:10:46
  • Multiple Updates
2021-05-04 12:14:25
  • Multiple Updates
2021-04-22 01:15:40
  • Multiple Updates
2020-08-11 12:06:15
  • Multiple Updates
2020-08-08 01:06:19
  • Multiple Updates
2020-08-07 12:06:25
  • Multiple Updates
2020-08-01 12:06:22
  • Multiple Updates
2020-07-30 01:06:38
  • Multiple Updates
2020-05-23 01:44:25
  • Multiple Updates
2020-05-23 00:28:25
  • Multiple Updates
2019-01-25 12:03:53
  • Multiple Updates
2018-11-17 12:02:25
  • Multiple Updates
2018-10-30 12:04:11
  • Multiple Updates
2016-07-01 11:07:30
  • Multiple Updates
2016-06-29 00:20:07
  • Multiple Updates
2016-06-28 18:38:47
  • Multiple Updates
2016-04-26 20:44:01
  • Multiple Updates
2014-07-23 13:24:34
  • Multiple Updates
2014-02-17 11:02:06
  • Multiple Updates
2013-05-10 22:59:41
  • Multiple Updates