Executive Summary

Informations
Name CVE-2011-2695 First vendor Publication 2011-07-28
Vendor Cve Last vendor Modification 2023-02-13

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score 4.9 Attack Range Local
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple off-by-one errors in the ext4 subsystem in the Linux kernel before 3.0-rc5 allow local users to cause a denial of service (BUG_ON and system crash) by accessing a sparse file in extent format with a write operation involving a block number corresponding to the largest possible 32-bit unsigned integer.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2695

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-193 Off-by-one Error

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:22054
 
Oval ID: oval:org.mitre.oval:def:22054
Title: RHSA-2011:1189: kernel security, bug fix, and enhancement update (Important)
Description: Multiple off-by-one errors in the ext4 subsystem in the Linux kernel before 3.0-rc5 allow local users to cause a denial of service (BUG_ON and system crash) by accessing a sparse file in extent format with a write operation involving a block number corresponding to the largest possible 32-bit unsigned integer.
Family: unix Class: patch
Reference(s): RHSA-2011:1189-01
CVE-2011-1182
CVE-2011-1576
CVE-2011-1593
CVE-2011-1776
CVE-2011-1898
CVE-2011-2183
CVE-2011-2213
CVE-2011-2491
CVE-2011-2492
CVE-2011-2495
CVE-2011-2497
CVE-2011-2517
CVE-2011-2689
CVE-2011-2695
Version: 185
Platform(s): Red Hat Enterprise Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23636
 
Oval ID: oval:org.mitre.oval:def:23636
Title: ELSA-2011:1189: kernel security, bug fix, and enhancement update (Important)
Description: Multiple off-by-one errors in the ext4 subsystem in the Linux kernel before 3.0-rc5 allow local users to cause a denial of service (BUG_ON and system crash) by accessing a sparse file in extent format with a write operation involving a block number corresponding to the largest possible 32-bit unsigned integer.
Family: unix Class: patch
Reference(s): ELSA-2011:1189-01
CVE-2011-1182
CVE-2011-1576
CVE-2011-1593
CVE-2011-1776
CVE-2011-1898
CVE-2011-2183
CVE-2011-2213
CVE-2011-2491
CVE-2011-2492
CVE-2011-2495
CVE-2011-2497
CVE-2011-2517
CVE-2011-2689
CVE-2011-2695
Version: 61
Platform(s): Oracle Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28043
 
Oval ID: oval:org.mitre.oval:def:28043
Title: DEPRECATED: ELSA-2011-1189 -- kernel security, bug fix, and enhancement update (important)
Description: [2.6.32-131.12.1.el6] - [netdrv] be2net: clear intr bit in be_probe() (Ivan Vecera) [726308 722596]
Family: unix Class: patch
Reference(s): ELSA-2011-1189
CVE-2011-1182
CVE-2011-1576
CVE-2011-1593
CVE-2011-1776
CVE-2011-1898
CVE-2011-2183
CVE-2011-2213
CVE-2011-2491
CVE-2011-2492
CVE-2011-2495
CVE-2011-2497
CVE-2011-2517
CVE-2011-2689
CVE-2011-2695
Version: 4
Platform(s): Oracle Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28157
 
Oval ID: oval:org.mitre.oval:def:28157
Title: ELSA-2011-2025 -- Unbreakable Enterprise kernel security and bug fix update (important)
Description: [2.6.32-200.19.1.el6uek] - Apply new fix for CVE-2011-1576. [2.6.32-200.18.1.el6uek] - Revert 'proc: fix a race in do_io_accounting' [2.6.32-200.17.1.el6uek] - net: Fix memory leak/corruption on VLAN GRO_DROP {CVE-2011-1576} - iommu-api: Extension to check for interrupt remapping {CVE-2011-1898} - KVM: IOMMU: Disable device assignment without interrupt remapping {CVE-2011-1898} - ext4: Fix max file size and logical block counting of extent format file {CVE-2011-2695} - nl80211: fix overflow in ssid_len {CVE-2011-2517} - Bluetooth: Prevent buffer overflow in l2cap config request {CVE-2011-2497} - proc: fix a race in do_io_accounting() {CVE-2011-2495} - proc: restrict access to /proc/PID/io {CVE-2011-2495} - Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace {CVE-2011-2492} - NLM: Don't hang forever on NLM unlock requests {CVE-2011-2491} - ksm: fix NULL pointer dereference in scan_get_next_rmap_item() {CVE-2011-2183}
Family: unix Class: patch
Reference(s): ELSA-2011-2025
CVE-2011-1576
CVE-2011-1898
CVE-2011-2183
CVE-2011-2491
CVE-2011-2492
CVE-2011-2495
CVE-2011-2497
CVE-2011-2517
CVE-2011-2695
Version: 5
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): kernel-uek
ofa
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 1401

OpenVAS Exploits

Date Description
2012-07-30 Name : CentOS Update for kernel CESA-2011:1386 centos5 x86_64
File : nvt/gb_CESA-2011_1386_kernel_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for xen CESA-2011:1401 centos5 x86_64
File : nvt/gb_CESA-2011_1401_xen_centos5_x86_64.nasl
2012-07-09 Name : RedHat Update for kernel RHSA-2011:1189-01
File : nvt/gb_RHSA-2011_1189-01_kernel.nasl
2011-12-02 Name : Fedora Update for kernel FEDORA-2011-16346
File : nvt/gb_fedora_2011_16346_kernel_fc14.nasl
2011-11-11 Name : Ubuntu Update for linux-lts-backport-natty USN-1256-1
File : nvt/gb_ubuntu_USN_1256_1.nasl
2011-11-11 Name : Ubuntu Update for linux USN-1253-1
File : nvt/gb_ubuntu_USN_1253_1.nasl
2011-11-08 Name : Fedora Update for kernel FEDORA-2011-15241
File : nvt/gb_fedora_2011_15241_kernel_fc14.nasl
2011-10-31 Name : Ubuntu Update for linux-ec2 USN-1239-1
File : nvt/gb_ubuntu_USN_1239_1.nasl
2011-10-31 Name : Ubuntu Update for linux USN-1246-1
File : nvt/gb_ubuntu_USN_1246_1.nasl
2011-10-31 Name : Ubuntu Update for linux-mvl-dove USN-1245-1
File : nvt/gb_ubuntu_USN_1245_1.nasl
2011-10-31 Name : Ubuntu Update for linux-ti-omap4 USN-1244-1
File : nvt/gb_ubuntu_USN_1244_1.nasl
2011-10-31 Name : Ubuntu Update for linux USN-1243-1
File : nvt/gb_ubuntu_USN_1243_1.nasl
2011-10-31 Name : Ubuntu Update for linux-lts-backport-maverick USN-1242-1
File : nvt/gb_ubuntu_USN_1242_1.nasl
2011-10-31 Name : Ubuntu Update for linux-fsl-imx51 USN-1241-1
File : nvt/gb_ubuntu_USN_1241_1.nasl
2011-10-31 Name : Ubuntu Update for linux-mvl-dove USN-1240-1
File : nvt/gb_ubuntu_USN_1240_1.nasl
2011-10-31 Name : CentOS Update for xen CESA-2011:1401 centos5 i386
File : nvt/gb_CESA-2011_1401_xen_centos5_i386.nasl
2011-10-31 Name : Fedora Update for kernel FEDORA-2011-14747
File : nvt/gb_fedora_2011_14747_kernel_fc14.nasl
2011-10-31 Name : RedHat Update for xen RHSA-2011:1401-01
File : nvt/gb_RHSA-2011_1401-01_xen.nasl
2011-10-21 Name : CentOS Update for kernel CESA-2011:1386 centos5 i386
File : nvt/gb_CESA-2011_1386_kernel_centos5_i386.nasl
2011-10-21 Name : RedHat Update for kernel RHSA-2011:1386-01
File : nvt/gb_RHSA-2011_1386-01_kernel.nasl
2011-10-14 Name : Ubuntu Update for linux-ti-omap4 USN-1228-1
File : nvt/gb_ubuntu_USN_1228_1.nasl
2011-10-10 Name : Fedora Update for kernel FEDORA-2011-12874
File : nvt/gb_fedora_2011_12874_kernel_fc14.nasl
2011-08-27 Name : Fedora Update for kernel FEDORA-2011-11103
File : nvt/gb_fedora_2011_11103_kernel_fc14.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
74123 Linux Kernel ext4 Subsystem Extent Format Sparse File Off-by-one Local DoS

Nessus® Vulnerability Scanner

Date Description
2014-11-17 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2011-1408.nasl - Type : ACT_GATHER_INFO
2014-07-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1253.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_kernel-111026.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1189.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1386.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1401.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-2025.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110823_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20111020_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2011-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1256-1.nasl - Type : ACT_GATHER_INFO
2011-11-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1253-1.nasl - Type : ACT_GATHER_INFO
2011-10-26 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1239-1.nasl - Type : ACT_GATHER_INFO
2011-10-26 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1246-1.nasl - Type : ACT_GATHER_INFO
2011-10-26 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1245-1.nasl - Type : ACT_GATHER_INFO
2011-10-26 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1244-1.nasl - Type : ACT_GATHER_INFO
2011-10-26 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1243-1.nasl - Type : ACT_GATHER_INFO
2011-10-26 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1242-1.nasl - Type : ACT_GATHER_INFO
2011-10-26 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1241-1.nasl - Type : ACT_GATHER_INFO
2011-10-26 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1240-1.nasl - Type : ACT_GATHER_INFO
2011-10-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1401.nasl - Type : ACT_GATHER_INFO
2011-10-25 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1401.nasl - Type : ACT_GATHER_INFO
2011-10-21 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1386.nasl - Type : ACT_GATHER_INFO
2011-10-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1386.nasl - Type : ACT_GATHER_INFO
2011-10-13 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1228-1.nasl - Type : ACT_GATHER_INFO
2011-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1189.nasl - Type : ACT_GATHER_INFO
2011-08-23 Name : The remote Fedora host is missing a security update.
File : fedora_2011-11103.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
CONFIRM http://www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.0-rc5
https://bugzilla.redhat.com/show_bug.cgi?id=722557
MISC http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3...
MLIST http://www.openwall.com/lists/oss-security/2011/07/15/7
http://www.openwall.com/lists/oss-security/2011/07/15/8
http://www.spinics.net/lists/linux-ext4/msg25697.html
SECUNIA http://secunia.com/advisories/45193

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
Date Informations
2024-02-02 01:16:29
  • Multiple Updates
2024-02-01 12:04:43
  • Multiple Updates
2023-09-05 12:15:26
  • Multiple Updates
2023-09-05 01:04:35
  • Multiple Updates
2023-09-02 12:15:31
  • Multiple Updates
2023-09-02 01:04:39
  • Multiple Updates
2023-08-12 12:18:44
  • Multiple Updates
2023-08-12 01:04:40
  • Multiple Updates
2023-08-11 12:15:36
  • Multiple Updates
2023-08-11 01:04:48
  • Multiple Updates
2023-08-06 12:14:59
  • Multiple Updates
2023-08-06 01:04:40
  • Multiple Updates
2023-08-04 12:15:04
  • Multiple Updates
2023-08-04 01:04:41
  • Multiple Updates
2023-07-14 12:15:03
  • Multiple Updates
2023-07-14 01:04:39
  • Multiple Updates
2023-03-29 01:16:57
  • Multiple Updates
2023-03-28 12:04:45
  • Multiple Updates
2023-02-13 05:28:34
  • Multiple Updates
2022-10-11 12:13:25
  • Multiple Updates
2022-10-11 01:04:24
  • Multiple Updates
2022-03-11 01:11:06
  • Multiple Updates
2021-05-25 12:08:28
  • Multiple Updates
2021-05-04 12:17:16
  • Multiple Updates
2021-04-22 01:20:28
  • Multiple Updates
2020-08-11 12:06:28
  • Multiple Updates
2020-08-07 21:23:11
  • Multiple Updates
2020-08-07 09:22:49
  • Multiple Updates
2020-08-07 00:22:47
  • Multiple Updates
2020-08-01 09:22:46
  • Multiple Updates
2020-08-01 05:22:43
  • Multiple Updates
2020-08-01 00:22:43
  • Multiple Updates
2020-07-30 01:06:51
  • Multiple Updates
2020-05-23 01:44:54
  • Multiple Updates
2020-05-23 00:29:01
  • Multiple Updates
2019-01-25 12:04:01
  • Multiple Updates
2018-11-17 12:02:33
  • Multiple Updates
2018-10-30 12:04:20
  • Multiple Updates
2016-07-01 11:07:37
  • Multiple Updates
2016-06-29 00:21:17
  • Multiple Updates
2016-06-28 18:43:24
  • Multiple Updates
2016-04-26 20:53:19
  • Multiple Updates
2014-11-18 13:25:51
  • Multiple Updates
2014-07-23 13:24:36
  • Multiple Updates
2014-06-14 13:31:07
  • Multiple Updates
2014-02-17 11:03:35
  • Multiple Updates
2013-05-10 23:03:38
  • Multiple Updates