Executive Summary

Information
Name : CVE-2011-4110
First vendor Publication : 2012-01-27
Vendor : Cve
Last vendor Modification : 2012-03-22

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score : 2.1
Attack Range : Local
Cvss Impact Score : 2.9
Attack Complexity : Low
Cvss Exploit Score : 3.9
Authentication : None Required

Detail

The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and "updating a negative key into a fully instantiated key."

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4110

CWE : Common Weakness Enumeration

id Name
CWE-264 Permissions, Privileges, and Access Controls

OVAL Definitions

 
Oval ID: oval:org.mitre.oval:def:22198
Title: RHSA-2011:1479: kernel security, bug fix, and enhancement update (Important)
Description: The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and "updating a negative key into a fully instantiated key."
Family: unix Class: patch
Reference(s): RHSA-2011:1479-01
CESA-2011:1479
CVE-2011-1162
CVE-2011-1898
CVE-2011-2203
CVE-2011-2494
CVE-2011-3363
CVE-2011-4110
Version: 81
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): kernel
 
Oval ID: oval:org.mitre.oval:def:20706
Title: VMware vSphere and vCOps updates to third party libraries
Description: The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and "updating a negative key into a fully instantiated key."
Family: unix Class: vulnerability
Reference(s): CVE-2011-4110
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
 
Oval ID: oval:org.mitre.oval:def:15438
Title: USN-1341-1 -- Linux kernel vulnerabilities
Description: linux: Linux kernel Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1341-1
CVE-2011-1162
CVE-2011-1759
CVE-2011-2182
CVE-2011-2203
CVE-2011-4110
Version: 5
Platform(s): Ubuntu 10.10
Product(s): Linux
 
Oval ID: oval:org.mitre.oval:def:15353
Title: USN-1325-1 -- Linux kernel (OMAP4) vulnerabilities
Description: linux-ti-omap4: Linux kernel for OMAP4 Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1325-1
CVE-2011-1162
CVE-2011-2203
CVE-2011-3353
CVE-2011-3359
CVE-2011-4110
Version: 5
Platform(s): Ubuntu 10.10
Product(s): Linux
 
Oval ID: oval:org.mitre.oval:def:15337
Title: USN-1332-1 -- Linux kernel (Maverick backport) vulnerabilities
Description: linux-lts-backport-maverick: Linux kernel backport from Maverick Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1332-1
CVE-2011-1162
CVE-2011-1759
CVE-2011-2182
CVE-2011-2203
CVE-2011-4110
Version: 5
Platform(s): Ubuntu 10.04
Product(s): Linux
 
Oval ID: oval:org.mitre.oval:def:15318
Title: USN-1337-1 -- Linux kernel (Natty backport) vulnerabilities
Description: linux-lts-backport-natty: Linux kernel backport from Natty Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1337-1
CVE-2011-1162
CVE-2011-2203
CVE-2011-4110
Version: 5
Platform(s): Ubuntu 10.04
Product(s): Linux
 
Oval ID: oval:org.mitre.oval:def:15311
Title: USN-1324-1 -- Linux kernel (EC2) vulnerabilities
Description: linux-ec2: Linux kernel for EC2 Two security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1324-1
CVE-2011-2203
CVE-2011-4110
Version: 5
Platform(s): Ubuntu 10.04
Product(s): Linux
 
Oval ID: oval:org.mitre.oval:def:15269
Title: USN-1328-1 -- Linux kernel (Marvell DOVE) vulnerabilities
Description: linux-mvl-dove: Linux kernel for DOVE Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1328-1
CVE-2011-2203
CVE-2011-4110
Version: 5
Platform(s): Ubuntu 10.10
Product(s): Linux
 
Oval ID: oval:org.mitre.oval:def:15235
Title: USN-1323-1 -- Linux kernel vulnerabilities
Description: linux: Linux kernel Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1323-1
CVE-2011-1162
CVE-2011-2203
CVE-2011-3359
CVE-2011-4110
Version: 5
Platform(s): Ubuntu 8.04
Product(s): Linux
 
Oval ID: oval:org.mitre.oval:def:15220
Title: USN-1345-1 -- Linux kernel vulnerabilities
Description: linux: Linux kernel Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1345-1
CVE-2011-1162
CVE-2011-2203
CVE-2011-4110
Version: 5
Platform(s): Ubuntu 11.04
Product(s): Linux
 
Oval ID: oval:org.mitre.oval:def:15214
Title: USN-1319-1 -- Linux kernel (OMAP4) vulnerabilities
Description: linux-ti-omap4: Linux kernel for OMAP4 Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1319-1
CVE-2011-1162
CVE-2011-2203
CVE-2011-4110
Version: 5
Platform(s): Ubuntu 11.04
Product(s): Linux
 
Oval ID: oval:org.mitre.oval:def:14862
Title: USN-1318-1 -- Linux kernel (FSL-IMX51) vulnerabilities
Description: linux-fsl-imx51: Linux kernel for IMX51 Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1318-1
CVE-2011-1162
CVE-2011-2203
CVE-2011-4110
Version: 5
Platform(s): Ubuntu 10.04
Product(s): Linux
 
Oval ID: oval:org.mitre.oval:def:14673
Title: USN-1344-1 -- linux vulnerabilities
Description: linux: Linux kernel Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1344-1
CVE-2011-2203
CVE-2011-4110
Version: 5
Platform(s): Ubuntu 10.04
Product(s): linux
 
Oval ID: oval:org.mitre.oval:def:23202
Title: ELSA-2011:1479: kernel security, bug fix, and enhancement update (Important)
Description: The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and "updating a negative key into a fully instantiated key."
Family: unix Class: patch
Reference(s): ELSA-2011:1479-01
CVE-2011-1162
CVE-2011-1898
CVE-2011-2203
CVE-2011-2494
CVE-2011-3363
CVE-2011-4110
Version: 29
Platform(s): Oracle Linux 5
Product(s): kernel

CPE : Common Platform Enumeration

Type Description Count
Os 1

OpenVAS Exploits

Date Description
2013-09-18 Name : Debian Security Advisory DSA 2389-1 (linux-2.6 - privilege escalation/denial ...
File : nvt/deb_2389_1.nasl
2012-08-31 Name : VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries.
File : nvt/gb_VMSA-2012-0013.nasl
2012-07-30 Name : CentOS Update for kernel CESA-2011:1479 centos5 x86_64
File : nvt/gb_CESA-2011_1479_kernel_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for kernel CESA-2012:0052 centos6
File : nvt/gb_CESA-2012_0052_kernel_centos6.nasl
2012-07-30 Name : CentOS Update for kernel CESA-2012:0350 centos6
File : nvt/gb_CESA-2012_0350_kernel_centos6.nasl
2012-07-09 Name : RedHat Update for Red Hat Enterprise Linux 6 kernel RHSA-2011:1530-03
File : nvt/gb_RHSA-2011_1530-03_Red_Hat_Enterprise_Linux_6_kernel.nasl
2012-07-09 Name : RedHat Update for kernel RHSA-2012:0052-01
File : nvt/gb_RHSA-2012_0052-01_kernel.nasl
2012-07-09 Name : RedHat Update for kernel RHSA-2012:0350-01
File : nvt/gb_RHSA-2012_0350-01_kernel.nasl
2012-04-02 Name : Fedora Update for kernel FEDORA-2011-16237
File : nvt/gb_fedora_2011_16237_kernel_fc16.nasl
2012-03-16 Name : Ubuntu Update for linux USN-1322-1
File : nvt/gb_ubuntu_USN_1322_1.nasl
2012-03-16 Name : Ubuntu Update for linux-ti-omap4 USN-1330-1
File : nvt/gb_ubuntu_USN_1330_1.nasl
2012-01-25 Name : Ubuntu Update for linux-lts-backport-natty USN-1337-1
File : nvt/gb_ubuntu_USN_1337_1.nasl
2012-01-25 Name : Ubuntu Update for linux-lts-backport-oneiric USN-1340-1
File : nvt/gb_ubuntu_USN_1340_1.nasl
2012-01-25 Name : Ubuntu Update for linux USN-1341-1
File : nvt/gb_ubuntu_USN_1341_1.nasl
2012-01-25 Name : Ubuntu Update for linux USN-1344-1
File : nvt/gb_ubuntu_USN_1344_1.nasl
2012-01-25 Name : Ubuntu Update for linux USN-1345-1
File : nvt/gb_ubuntu_USN_1345_1.nasl
2012-01-16 Name : Ubuntu Update for linux-mvl-dove USN-1328-1
File : nvt/gb_ubuntu_USN_1328_1.nasl
2012-01-16 Name : Ubuntu Update for linux-lts-backport-maverick USN-1332-1
File : nvt/gb_ubuntu_USN_1332_1.nasl
2012-01-13 Name : Ubuntu Update for linux USN-1323-1
File : nvt/gb_ubuntu_USN_1323_1.nasl
2012-01-13 Name : Ubuntu Update for linux-ec2 USN-1324-1
File : nvt/gb_ubuntu_USN_1324_1.nasl
2012-01-13 Name : Ubuntu Update for linux-ti-omap4 USN-1325-1
File : nvt/gb_ubuntu_USN_1325_1.nasl
2012-01-09 Name : Ubuntu Update for linux-fsl-imx51 USN-1318-1
File : nvt/gb_ubuntu_USN_1318_1.nasl
2012-01-09 Name : Ubuntu Update for linux-ti-omap4 USN-1319-1
File : nvt/gb_ubuntu_USN_1319_1.nasl
2011-12-12 Name : Fedora Update for kernel FEDORA-2011-16621
File : nvt/gb_fedora_2011_16621_kernel_fc15.nasl
2011-12-02 Name : RedHat Update for kernel RHSA-2011:1479-01
File : nvt/gb_RHSA-2011_1479-01_kernel.nasl
2011-12-02 Name : CentOS Update for kernel CESA-2011:1479 centos5 i386
File : nvt/gb_CESA-2011_1479_kernel_centos5_i386.nasl
2011-12-02 Name : Fedora Update for kernel FEDORA-2011-16346
File : nvt/gb_fedora_2011_16346_kernel_fc14.nasl

Open Source Vulnerability Database (OSVDB)

id Description
77450 Linux Kernel security/keys/user_defined.c user_update() Function NULL Pointer...

Information Assurance Vulnerability Management (IAVM)

Date Description
2012-09-27 IAVM : 2012-A-0153 - Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0
Severity : Category I - VMSKEY : V0033884
2012-09-13 IAVM : 2012-B-0086 - VMware vCenter Operations Arbitrary File Overwrite Vulnerability
Severity : Category I - VMSKEY : V0033791
2012-09-13 IAVM : 2012-A-0146 - Multiple Vulnerabilities in VMware vCenter Update Manager 4.1
Severity : Category I - VMSKEY : V0033792
2012-09-13 IAVM : 2012-A-0147 - Multiple Vulnerabilities in VMware vCenter Server 4.1
Severity : Category I - VMSKEY : V0033793
2012-09-13 IAVM : 2012-A-0148 - Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1
Severity : Category I - VMSKEY : V0033794

Nessus® Vulnerability Scanner

Date Description
2014-07-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0010.nasl - Type : ACT_GATHER_INFO
2014-07-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0333.nasl - Type : ACT_GATHER_INFO
2014-07-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0566.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-756.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2011-26.nasl - Type : ACT_GATHER_INFO
2013-07-29 Name : The remote host has a virtualization appliance installed that is affected by ...
File : vcenter_operations_manager_vmsa_2012-0013.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0350.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1479.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-2037.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0052.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1479.nasl - Type : ACT_GATHER_INFO
2013-06-17 Name : The remote host has an update manager installed that is affected by multiple ...
File : vmware_vcenter_update_mgr_vmsa-2012-0013.nasl - Type : ACT_GATHER_INFO
2013-06-05 Name : The remote host has a virtualization management application installed that is...
File : vmware_vcenter_vmsa-2012-0013.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0116.nasl - Type : ACT_GATHER_INFO
2012-10-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-8324.nasl - Type : ACT_GATHER_INFO
2012-10-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-8325.nasl - Type : ACT_GATHER_INFO
2012-08-31 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2012-0013.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20111129_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20111206_Scientific_Linux_6_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-03-08 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0350.nasl - Type : ACT_GATHER_INFO
2012-03-07 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0350.nasl - Type : ACT_GATHER_INFO
2012-02-07 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-120129.nasl - Type : ACT_GATHER_INFO
2012-02-07 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-120130.nasl - Type : ACT_GATHER_INFO
2012-01-25 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0052.nasl - Type : ACT_GATHER_INFO
2012-01-25 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1344-1.nasl - Type : ACT_GATHER_INFO
2012-01-25 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1345-1.nasl - Type : ACT_GATHER_INFO
2012-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0052.nasl - Type : ACT_GATHER_INFO
2012-01-24 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1336-1.nasl - Type : ACT_GATHER_INFO
2012-01-24 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1337-1.nasl - Type : ACT_GATHER_INFO
2012-01-24 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1340-1.nasl - Type : ACT_GATHER_INFO
2012-01-24 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1341-1.nasl - Type : ACT_GATHER_INFO
2012-01-18 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2389.nasl - Type : ACT_GATHER_INFO
2012-01-13 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1328-1.nasl - Type : ACT_GATHER_INFO
2012-01-13 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1330-1.nasl - Type : ACT_GATHER_INFO
2012-01-13 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1332-1.nasl - Type : ACT_GATHER_INFO
2012-01-12 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1323-1.nasl - Type : ACT_GATHER_INFO
2012-01-12 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1324-1.nasl - Type : ACT_GATHER_INFO
2012-01-12 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1325-1.nasl - Type : ACT_GATHER_INFO
2012-01-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1322-1.nasl - Type : ACT_GATHER_INFO
2012-01-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1318-1.nasl - Type : ACT_GATHER_INFO
2012-01-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1319-1.nasl - Type : ACT_GATHER_INFO
2011-12-12 Name : The remote Fedora host is missing a security update.
File : fedora_2011-16621.nasl - Type : ACT_GATHER_INFO
2011-12-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1530.nasl - Type : ACT_GATHER_INFO
2011-11-30 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1479.nasl - Type : ACT_GATHER_INFO
2011-11-29 Name : The remote Fedora host is missing a security update.
File : fedora_2011-16346.nasl - Type : ACT_GATHER_INFO
2011-11-26 Name : The remote Fedora host is missing a security update.
File : fedora_2011-16237.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/50755
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=751297
MLIST http://www.openwall.com/lists/oss-security/2011/11/21/19
http://www.openwall.com/lists/oss-security/2011/11/22/5
http://www.openwall.com/lists/oss-security/2011/11/22/6
https://lkml.org/lkml/2011/11/15/363
SECUNIA http://secunia.com/advisories/47754
UBUNTU http://www.ubuntu.com/usn/USN-1324-1
http://www.ubuntu.com/usn/USN-1328-1
http://www.ubuntu.com/usn/USN-1344-1

Alert History

Date Information
2014-07-23 13:24:39
  • Multiple Updates
2014-06-14 13:31:54
  • Multiple Updates
2014-02-17 11:05:59
  • Multiple Updates
2013-11-11 12:39:38
  • Multiple Updates
2013-09-20 17:21:09
  • Multiple Updates
2013-05-10 23:10:05
  • Multiple Updates