Executive Summary

Informations
Name CVE-2011-4326 First vendor Publication 2012-05-17
Vendor Cve Last vendor Modification 2023-02-13

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.1 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux kernel before 2.6.39, when a certain UDP Fragmentation Offload (UFO) configuration is enabled, allows remote attackers to cause a denial of service (system crash) by sending fragmented IPv6 UDP packets to a bridge device.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4326

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-399 Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:14880
 
Oval ID: oval:org.mitre.oval:def:14880
Title: USN-1193-1 -- Linux kernel vulnerabilities
Description: linux: Linux kernel Multiple kernel flaws have been fixed.
Family: unix Class: patch
Reference(s): USN-1193-1
CVE-2011-1577
CVE-2011-1581
CVE-2011-2182
CVE-2011-2484
CVE-2011-2493
CVE-2011-3619
CVE-2011-4087
CVE-2011-4326
Version: 5
Platform(s): Ubuntu 11.04
Product(s): Linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15273
 
Oval ID: oval:org.mitre.oval:def:15273
Title: USN-1294-1 -- Linux kernel (Oneiric backport) vulnerabilities
Description: linux-lts-backport-oneiric: Linux kernel backport from Oneiric Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1294-1
CVE-2011-1162
CVE-2011-2494
CVE-2011-2942
CVE-2011-3209
CVE-2011-3638
CVE-2011-4087
CVE-2011-4326
Version: 5
Platform(s): Ubuntu 10.04
Product(s): Linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21641
 
Oval ID: oval:org.mitre.oval:def:21641
Title: RHSA-2011:1465: kernel security and bug fix update (Important)
Description: The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux kernel before 2.6.39, when a certain UDP Fragmentation Offload (UFO) configuration is enabled, allows remote attackers to cause a denial of service (system crash) by sending fragmented IPv6 UDP packets to a bridge device.
Family: unix Class: patch
Reference(s): RHSA-2011:1465-01
CVE-2011-1162
CVE-2011-1577
CVE-2011-2494
CVE-2011-2699
CVE-2011-2905
CVE-2011-3188
CVE-2011-3191
CVE-2011-3353
CVE-2011-3359
CVE-2011-3363
CVE-2011-3593
CVE-2011-4326
Version: 159
Platform(s): Red Hat Enterprise Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23677
 
Oval ID: oval:org.mitre.oval:def:23677
Title: ELSA-2011:1465: kernel security and bug fix update (Important)
Description: The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux kernel before 2.6.39, when a certain UDP Fragmentation Offload (UFO) configuration is enabled, allows remote attackers to cause a denial of service (system crash) by sending fragmented IPv6 UDP packets to a bridge device.
Family: unix Class: patch
Reference(s): ELSA-2011:1465-01
CVE-2011-1162
CVE-2011-1577
CVE-2011-2494
CVE-2011-2699
CVE-2011-2905
CVE-2011-3188
CVE-2011-3191
CVE-2011-3353
CVE-2011-3359
CVE-2011-3363
CVE-2011-3593
CVE-2011-4326
Version: 53
Platform(s): Oracle Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28092
 
Oval ID: oval:org.mitre.oval:def:28092
Title: ELSA-2011-2033 -- Unbreakable Enterprise kernel security update (important)
Description: [2.6.32-200.23.1.el6uek] - net: Remove atmclip.h to prevent break kabi check. - KConfig: add CONFIG_UEK5=n to ol6/config-generic [2.6.32-200.22.1.el6uek] - ipv6: make fragment identifications less predictable (Joe Jin) {CVE-2011-2699} - vlan: fix panic when handling priority tagged frames (Joe Jin) {CVE-2011-3593} - ipv6: udp: fix the wrong headroom check (Maxim Uvarov) {CVE-2011-4326} - b43: allocate receive buffers big enough for max frame len + offset (Maxim Uvarov) {CVE-2011-3359} - fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message (Maxim Uvarov) {CVE-2011-3353} - cifs: fix possible memory corruption in CIFSFindNext (Maxim Uvarov) {CVE-2011-3191} - crypto: md5 - Add export support (Maxim Uvarov) {CVE-2011-2699} - fs/partitions/efi.c: corrupted GUID partition tables can cause kernel oops (Maxim Uvarov) {CVE-2011-1577} - block: use struct parsed_partitions *state universally in partition check code (Maxim Uvarov) - net: Compute protocol sequence numbers and fragment IDs using MD5. (Maxim Uvarov) {CVE-2011-3188} - crypto: Move md5_transform to lib/md5.c (Maxim Uvarov) {CVE-2011-3188} - perf tools: do not look at ./config for configuration (Maxim Uvarov) {CVE-2011-2905} - Make TASKSTATS require root access (Maxim Uvarov) {CVE-2011-2494} - TPM: Zero buffer after copying to userspace (Maxim Uvarov) {CVE-2011-1162} - TPM: Call tpm_transmit with correct size (Maxim Uvarov){CVE-2011-1161} - fnic: fix panic while booting in fnic(Xiaowei Hu) - Revert 'PCI hotplug: acpiphp: set current_state to D0 in register_slot' (Guru Anbalagane) - xen: drop xen_sched_clock in favour of using plain wallclock time (Jeremy Fitzhardinge) [2.6.32-200.21.1.el6uek] - PCI: Set device power state to PCI_D0 for device without native PM support (Ajaykumar Hotchandani) [orabug 13033435]
Family: unix Class: patch
Reference(s): ELSA-2011-2033
CVE-2011-1162
CVE-2011-1577
CVE-2011-2494
CVE-2011-2699
CVE-2011-3188
CVE-2011-3191
CVE-2011-3353
CVE-2011-3593
CVE-2011-4326
Version: 5
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): kernel-uek
ofa
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28166
 
Oval ID: oval:org.mitre.oval:def:28166
Title: DEPRECATED: ELSA-2011-1465 -- kernel security and bug fix update (important)
Description: [2.6.32-131.21.1.el6] - [net] ipv6/udp: fix the wrong headroom check (Thomas Graf) [753167 698170] [2.6.32-131.20.1.el6] - [net] vlan: fix panic when handling priority tagged frames (Andy Gospodarek) [742849 714936] {CVE-2011-3593} - [netdrv] igb: fix WOL on second port of i350 device (Frantisek Hrbata) [743807 718293] - [kernel] fix taskstats io infoleak (Jerome Marchand) [716847 716848] {CVE-2011-2494} - [tpm] Zero buffer after copying to userspace (Jiri Benc) [732632 732633] {CVE-2011-1162} - [scsi] Revert megaraid_sas: Driver only report tape drive, JBOD and logic drives (Tomas Henzl) [741167 736667] - [x86] acpi: Prevent acpiphp from deadlocking on PCI-to-PCI bridge remove (Prarit Bhargava) [745557 732706] - [net] sctp: deal with multiple COOKIE_ECHO chunks (Frantisek Hrbata) [743510 729220] - [scsi] iscsi_tcp: fix locking around iscsi sk user data (Mike Christie) [741704 647268] - [kernel] first time swap use results in heavy swapping (Hendrik Brueckner) [747868 722461] - [scsi] Reduce error recovery time by reducing use of TURs (Mike Christie) [744811 691945] - [fs] cifs: add fallback in is_path_accessible for old servers (Jeff Layton) [738301 692709] {CVE-2011-3363} - [fs] cifs: always do is_path_accessible check in cifs_mount (Jeff Layton) [738301 692709] {CVE-2011-3363} - [net] ipv6: fix NULL dereference in udp6_ufo_fragment() (Jason Wang) [748808 740465] - [net] ipv6: make fragment identifications less predictable (Jiri Pirko) [723432 723433] {CVE-2011-2699} [2.6.32-131.19.1.el6] - [scsi] scan: don't fail scans when host is in recovery (Mike Christie) [734774 713682] - [netdrv] b43: allocate receive buffers big enough for max frame len + offset (RuiRui Yang) [738204 738205] {CVE-2011-3359} - [fs] fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message (RuiRui Yang) [736764 736765] {CVE-2011-3353} - [fs] cifs: fix possible memory corruption in CIFSFindNext (Jeff Layton) [737482 730354] {CVE-2011-3191} - [kernel] perf tools: do not look at ./config for configuration (Jiri Benc) [730203 730204] {CVE-2011-2905} - [x86] mm: Fix pgd_lock deadlock (Andrew Jones) [737570 691310] - [mm] pdpte registers are not flushed when PGD entry is changed in x86 PAE mode (Andrew Jones) [737570 691310] - [mm] Revert 'fix pgd_lock deadlock' (Andrew Jones) [737570 691310] - [fs] corrupted GUID partition tables can cause kernel oops (Jerome Marchand) [695981 695982] {CVE-2011-1577} - [net] Compute protocol sequence numbers and fragment IDs using MD5. (Jiri Pirko) [732664 732665] {CVE-2011-3188} - [crypto] Move md5_transform to lib/md5.c (Jiri Pirko) [732664 732665] {CVE-2011-3188} - [fs] SUNRPC: Fix use of static variable in rpcb_getport_async (Steve Dickson) [740230 723650] - [fs] NFSv4.1: update nfs4_fattr_bitmap_maxsz (Steve Dickson) [740230 723650] - [fs] SUNRPC: Fix a race between work-queue and rpc_killall_tasks (Steve Dickson) [740230 723650] - [fs] SUNRPC: Ensure we always run the tk_callback before tk_action (Steve Dickson) [740230 723650] - [misc] enclosure: fix error path to actually return ERR_PTR() on error (Tomas Henzl) [741166 713730] - [virt] KVM: make guest mode entry to be rcu quiescent state (Gleb Natapov) [740352 712653] - [virt] rcu: provide rcu_virt_note_context_switch() function (Gleb Natapov) [740352 712653] [2.6.32-131.18.1.el6] - [sched] wait_for_completion_interruptible_timeout() should return signed long (J. Bruce Fields) [745413 738379]
Family: unix Class: patch
Reference(s): ELSA-2011-1465
CVE-2011-1162
CVE-2011-1577
CVE-2011-2494
CVE-2011-2699
CVE-2011-2905
CVE-2011-3188
CVE-2011-3191
CVE-2011-3353
CVE-2011-3359
CVE-2011-3363
CVE-2011-3593
CVE-2011-4326
Version: 4
Platform(s): Oracle Linux 6
Product(s): kernel
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 1384

OpenVAS Exploits

Date Description
2012-07-09 Name : RedHat Update for kernel RHSA-2011:1465-01
File : nvt/gb_RHSA-2011_1465-01_kernel.nasl
2011-12-23 Name : Ubuntu Update for linux USN-1311-1
File : nvt/gb_ubuntu_USN_1311_1.nasl
2011-12-16 Name : Ubuntu Update for linux-ec2 USN-1299-1
File : nvt/gb_ubuntu_USN_1299_1.nasl
2011-12-16 Name : Ubuntu Update for linux-ti-omap4 USN-1302-1
File : nvt/gb_ubuntu_USN_1302_1.nasl
2011-12-16 Name : Ubuntu Update for linux-mvl-dove USN-1303-1
File : nvt/gb_ubuntu_USN_1303_1.nasl
2011-12-16 Name : Ubuntu Update for linux-ti-omap4 USN-1304-1
File : nvt/gb_ubuntu_USN_1304_1.nasl
2011-12-09 Name : Ubuntu Update for linux-lts-backport-maverick USN-1292-1
File : nvt/gb_ubuntu_USN_1292_1.nasl
2011-12-09 Name : Ubuntu Update for linux USN-1293-1
File : nvt/gb_ubuntu_USN_1293_1.nasl
2011-12-09 Name : Ubuntu Update for linux-lts-backport-oneiric USN-1294-1
File : nvt/gb_ubuntu_USN_1294_1.nasl
2011-12-05 Name : Ubuntu Update for linux USN-1286-1
File : nvt/gb_ubuntu_USN_1286_1.nasl
2011-12-02 Name : Fedora Update for kernel FEDORA-2011-16346
File : nvt/gb_fedora_2011_16346_kernel_fc14.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
77295 Linux Kernel UFO IPv6 UDP Datagram Parsing Remote DoS

Nessus® Vulnerability Scanner

Date Description
2014-07-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0010.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2011-26.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1465.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-2033.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20111122_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2011-12-20 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1311-1.nasl - Type : ACT_GATHER_INFO
2011-12-14 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-111202.nasl - Type : ACT_GATHER_INFO
2011-12-14 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1304-1.nasl - Type : ACT_GATHER_INFO
2011-12-14 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1303-1.nasl - Type : ACT_GATHER_INFO
2011-12-14 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1299-1.nasl - Type : ACT_GATHER_INFO
2011-12-14 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1302-1.nasl - Type : ACT_GATHER_INFO
2011-12-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1292-1.nasl - Type : ACT_GATHER_INFO
2011-12-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1293-1.nasl - Type : ACT_GATHER_INFO
2011-12-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1294-1.nasl - Type : ACT_GATHER_INFO
2011-12-05 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1286-1.nasl - Type : ACT_GATHER_INFO
2011-11-29 Name : The remote Fedora host is missing a security update.
File : fedora_2011-16346.nasl - Type : ACT_GATHER_INFO
2011-11-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1465.nasl - Type : ACT_GATHER_INFO
2011-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1256-1.nasl - Type : ACT_GATHER_INFO
2011-08-20 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1193-1.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/50751
CONFIRM http://downloads.avaya.com/css/P8/documents/100156038
http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39
https://bugzilla.redhat.com/show_bug.cgi?id=682066
https://bugzilla.redhat.com/show_bug.cgi?id=755584
https://github.com/torvalds/linux/commit/a9cf73ea7ff78f52662c8658d93c226effbb...
MISC http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3...
MLIST http://www.openwall.com/lists/oss-security/2011/11/21/10

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
Date Informations
2024-02-02 01:17:36
  • Multiple Updates
2024-02-01 12:05:12
  • Multiple Updates
2023-09-05 12:16:31
  • Multiple Updates
2023-09-05 01:05:05
  • Multiple Updates
2023-09-02 12:16:37
  • Multiple Updates
2023-09-02 01:05:10
  • Multiple Updates
2023-08-12 12:20:12
  • Multiple Updates
2023-08-12 01:05:11
  • Multiple Updates
2023-08-11 12:16:42
  • Multiple Updates
2023-08-11 01:05:21
  • Multiple Updates
2023-08-06 12:16:03
  • Multiple Updates
2023-08-06 01:05:11
  • Multiple Updates
2023-08-04 12:16:07
  • Multiple Updates
2023-08-04 01:05:12
  • Multiple Updates
2023-07-14 12:16:07
  • Multiple Updates
2023-07-14 01:05:09
  • Multiple Updates
2023-03-29 01:18:00
  • Multiple Updates
2023-03-28 12:05:17
  • Multiple Updates
2023-02-13 09:28:50
  • Multiple Updates
2023-02-02 21:28:44
  • Multiple Updates
2022-10-11 12:14:23
  • Multiple Updates
2022-10-11 01:04:54
  • Multiple Updates
2022-03-11 01:11:49
  • Multiple Updates
2021-05-25 12:09:05
  • Multiple Updates
2021-05-04 12:18:49
  • Multiple Updates
2021-04-22 01:22:28
  • Multiple Updates
2020-08-11 12:06:59
  • Multiple Updates
2020-08-08 01:07:01
  • Multiple Updates
2020-08-07 12:07:08
  • Multiple Updates
2020-08-07 01:07:16
  • Multiple Updates
2020-08-01 09:22:48
  • Multiple Updates
2020-08-01 05:22:45
  • Multiple Updates
2020-07-29 21:23:06
  • Multiple Updates
2020-07-28 17:22:40
  • Multiple Updates
2020-05-23 01:47:31
  • Multiple Updates
2020-05-23 00:32:12
  • Multiple Updates
2019-01-25 12:04:25
  • Multiple Updates
2018-11-17 12:02:57
  • Multiple Updates
2018-10-30 12:04:44
  • Multiple Updates
2016-07-01 11:08:00
  • Multiple Updates
2016-06-29 00:23:33
  • Multiple Updates
2016-06-28 18:54:04
  • Multiple Updates
2016-04-26 21:13:49
  • Multiple Updates
2015-05-06 09:28:09
  • Multiple Updates
2014-07-23 13:24:40
  • Multiple Updates
2014-02-17 11:06:11
  • Multiple Updates
2013-05-10 23:10:27
  • Multiple Updates