Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2011-2182 | First vendor Publication | 2012-06-13 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.2 | Attack Range | Local |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel before 2.6.39.1 does not properly handle memory allocation for non-initial fragments, which might allow local users to conduct buffer overflow attacks, and gain privileges or obtain sensitive information, via a crafted LDM partition table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1017. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2182 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:12997 | |||
| Oval ID: | oval:org.mitre.oval:def:12997 | ||
| Title: | DSA-2264-1 linux-2.6 -- privilege escalation/denial of service/information leak | ||
| Description: | Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-2524 David Howells reported an issue in the Common Internet File System. Local users could cause arbitrary CIFS shares to be mounted by introducing malicious redirects. CVE-2010-3875 Vasiliy Kulikov discovered an issue in the Linux implementation of the Amateur Radio AX.25 Level 2 protocol. Local users may obtain access to sensitive kernel memory. CVE-2010-4075 Dan Rosenberg reported an issue in the tty layer that may allow local users to obtain access to sensitive kernel memory. CVE-2010-4655 Kees Cook discovered several issues in the ethtool interface which may allow local users with the CAP_NET_ADMIN capability to obtain access to sensitive kernel memory. CVE-2011-0695 Jens Kuehnel reported an issue in the InfiniBand stack. Remote attackers can exploit a race condition to cause a denial of service. CVE-2011-0710 Al Viro reported an issue in the /proc/<pid>/status interface on the s390 architecture. Local users could gain access to sensitive memory in processes they do not own via the task_show_regs entry. CVE-2011-0711 Dan Rosenberg reported an issue in the XFS filesystem. Local users may obtain access to sensitive kernel memory. CVE-2011-0726 Kees Cook reported an issue in the /proc/pid/stat implementation. Local users could learn the text location of a process, defeating protections provided by address space layout randomization. CVE-2011-1010 Timo Warns reported an issue in the Linux support for Mac partition tables. Local users with physical access could cause a denial of service by adding a storage device with a malicious map_count value. CVE-2011-1012 Timo Warns reported an issue in the Linux support for Mac partition tables. Local users with physical access could cause a denial of service by adding a storage device with a malicious map_count value. CVE-2011-1017 Timo Warns reported an issue in the Linux support for LDM partition tables. Users with physical access can gain access to sensitive kernel memory or gain elevated privileges by adding a storage device with a specially crafted LDM partition. CVE-2011-1078 Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. Local users can obtain access to sensitive kernel memory. CVE-2011-1079 Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. Local users with the CAP_NET_ADMIN capability can cause a denial of service. CVE-2011-1080 Vasiliy Kulikov discovered an issue in the Netfilter subsystem. Local users can obtain access to sensitive kernel memory. CVE-2011-1090 Neil Horman discovered a memory leak in the setacl call on NFSv4 filesystems. Local users can exploit this to cause a denial of service. CVE-2011-1093 Johan Hovold reported an issue in the Datagram Congestion Control Protocol implementation. Remote users could cause a denial of service by sending data after closing a socket. CVE-2011-1160 Peter Huewe reported an issue in the Linux kernel's support for TPM security chips. Local users with permission to open the device can gain access to sensitive kernel memory. CVE-2011-1163 Timo Warns reported an issue in the kernel support for Alpha OSF format disk partitions. Users with physical access can gain access to sensitive kernel memory by adding a storage device with a specially crafted OSF partition. CVE-2011-1170 Vasiliy Kulikov reported an issue in the Netfilter arp table implementation. Local users with the CAP_NET_ADMIN capability can gain access to sensitive kernel memory. CVE-2011-1171 Vasiliy Kulikov reported an issue in the Netfilter IP table implementation. Local users with the CAP_NET_ADMIN capability can gain access to sensitive kernel memory. CVE-2011-1172 Vasiliy Kulikov reported an issue in the Netfilter IP6 table implementation. Local users with the CAP_NET_ADMIN capability can gain access to sensitive kernel memory. CVE-2011-1173 Vasiliy Kulikov reported an issue in the Acorn Econet protocol implementation. Local users can obtain access to sensitive kernel memory on systems that use this rare hardware. CVE-2011-1180 Dan Rosenberg reported a buffer overflow in the Information Access Service of the IrDA protocol, used for Infrared devices. Remote attackers within IR device range can cause a denial of service or possibly gain elevated privileges. CVE-2011-1182 Julien Tinnes reported an issue in the rt_sigqueueinfo interface. Local users can generate signals with falsified source pid and uid information. CVE-2011-1477 Dan Rosenberg reported issues in the Open Sound System driver for cards that include a Yamaha FM synthesizer chip. Local users can cause memory corruption resulting in a denial of service. This issue does not affect official Debian Linux image packages as they no longer provide support for OSS. However, custom kernels built from Debians linux-source-2.6.32 may have enabled this configuration and would therefore be vulnerable. CVE-2011-1493 Dan Rosenburg reported two issues in the Linux implementation of the Amateur Radio X.25 PLP protocol. A remote user can cause a denial of service by providing specially crafted facilities fields. CVE-2011-1577 Timo Warns reported an issue in the Linux support for GPT partition tables. Local users with physical access could cause a denial of service by adding a storage device with a malicious partition table header. CVE-2011-1593 Robert Swiecki reported a signednes issue in the next_pidmap function, which can be exploited my local users to cause a denial of service. CVE-2011-1598 Dave Jones reported an issue in the Broadcast Manager Controller Area Network protocol that may allow local users to cause a NULL pointer dereference, resulting in a denial of service. CVE-2011-1745 Vasiliy Kulikov reported an issue in the Linux support for AGP devices. Local users can obtain elevated privileges or cause a denial of service due to missing bounds checking in the AGPIOC_BIND ioctl. On default Debian installations, this is exploitable only by users in the video group. CVE-2011-1746 Vasiliy Kulikov reported an issue in the Linux support for AGP devices. Local users can obtain elevated privileges or cause a denial of service due to missing bounds checking in the agp_allocate_memory and agp_create_user_memory. On default Debian installations, this is exploitable only by users in the video group. CVE-2011-1748 Oliver Kartkopp reported an issue in the Controller Area Network raw socket implementation which permits ocal users to cause a NULL pointer dereference, resulting in a denial of service. CVE-2011-1759 Dan Rosenberg reported an issue in the support for executing "old ABI" binaries on ARM processors. Local users can obtain elevated privileges due to insufficient bounds checking in the semtimedop system call. CVE-2011-1767 Alexecy Dobriyan reported an issue in the GRE over IP implementation. Remote users can cause a denial of service by sending a packet during module initialisation. CVE-2011-1768 Alexecy Dobriyan reported an issue in the IP tunnels implementation. Remote users can cause a denial of service by sending a packet during module initialisation. CVE-2011-1776 Timo Warns reported an issue in the Linux implementation for GUID partitions. Users with physical access can gain access to sensitive kernel memory by adding a storage device with a specially crafted corrupted invalid partition table. CVE-2011-2022 Vasiliy Kulikov reported an issue in the Linux support for AGP devices. Local users can obtain elevated privileges or cause a denial of service due to missing bounds checking in the AGPIOC_UNBIND ioctl. On default Debian installations, this is exploitable only by users in the video group. CVE-2011-2182 Ben Hutchings reported an issue with the fix for CVE-2011-1017 that made it insufficient to resolve the issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2264-1 CVE-2010-2524 CVE-2010-3875 CVE-2010-4075 CVE-2010-4655 CVE-2011-0695 CVE-2011-0710 CVE-2011-0711 CVE-2011-0726 CVE-2011-1010 CVE-2011-1012 CVE-2011-1017 CVE-2011-1078 CVE-2011-1079 CVE-2011-1080 CVE-2011-1090 CVE-2011-1093 CVE-2011-1160 CVE-2011-1163 CVE-2011-1170 CVE-2011-1171 CVE-2011-1172 CVE-2011-1173 CVE-2011-1180 CVE-2011-1182 CVE-2011-1477 CVE-2011-1493 CVE-2011-1577 CVE-2011-1593 CVE-2011-1598 CVE-2011-1745 CVE-2011-1746 CVE-2011-1748 CVE-2011-1759 CVE-2011-1767 CVE-2011-1768 CVE-2011-1776 CVE-2011-2022 CVE-2011-2182 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | linux-2.6 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15338 | |||
| Oval ID: | oval:org.mitre.oval:def:15338 | ||
| Title: | USN-1392-1 -- Linux kernel (FSL-IMX51) vulnerability | ||
| Description: | linux-fsl-imx51: Linux kernel for IMX51 The system could be made to crash or run programs as an administrator. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1392-1 CVE-2011-2182 | Version: | 5 |
| Platform(s): | Ubuntu 10.04 | Product(s): | Linux |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-03-09 | Name : Ubuntu Update for linux-fsl-imx51 USN-1392-1 File : nvt/gb_ubuntu_USN_1392_1.nasl |
| 2012-03-09 | Name : Ubuntu Update for linux-ti-omap4 USN-1394-1 File : nvt/gb_ubuntu_USN_1394_1.nasl |
| 2012-03-07 | Name : Ubuntu Update for linux-ti-omap4 USN-1383-1 File : nvt/gb_ubuntu_USN_1383_1.nasl |
| 2012-03-07 | Name : Ubuntu Update for linux USN-1390-1 File : nvt/gb_ubuntu_USN_1390_1.nasl |
| 2011-08-03 | Name : Debian Security Advisory DSA 2264-1 (linux-2.6) File : nvt/deb_2264_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 74662 | Linux Kernel fs/partitions/ldm.c LDM Partition Evaluation Local DoS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_kernel-110726.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_kernel-110726.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-2037.nasl - Type : ACT_GATHER_INFO |
| 2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-7729.nasl - Type : ACT_GATHER_INFO |
| 2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-7665.nasl - Type : ACT_GATHER_INFO |
| 2012-03-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1394-1.nasl - Type : ACT_GATHER_INFO |
| 2012-03-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1392-1.nasl - Type : ACT_GATHER_INFO |
| 2012-03-07 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1390-1.nasl - Type : ACT_GATHER_INFO |
| 2012-03-07 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1383-1.nasl - Type : ACT_GATHER_INFO |
| 2012-01-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1341-1.nasl - Type : ACT_GATHER_INFO |
| 2012-01-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1332-1.nasl - Type : ACT_GATHER_INFO |
| 2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-7666.nasl - Type : ACT_GATHER_INFO |
| 2011-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1256-1.nasl - Type : ACT_GATHER_INFO |
| 2011-10-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-7734.nasl - Type : ACT_GATHER_INFO |
| 2011-09-30 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1218-1.nasl - Type : ACT_GATHER_INFO |
| 2011-09-27 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1216-1.nasl - Type : ACT_GATHER_INFO |
| 2011-09-15 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1208-1.nasl - Type : ACT_GATHER_INFO |
| 2011-09-14 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1203-1.nasl - Type : ACT_GATHER_INFO |
| 2011-08-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1193-1.nasl - Type : ACT_GATHER_INFO |
| 2011-07-26 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-110718.nasl - Type : ACT_GATHER_INFO |
| 2011-06-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2264.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:01:38 |
|
| 2024-11-28 12:25:53 |
|
| 2024-08-02 12:16:40 |
|
| 2024-08-02 01:04:43 |
|
| 2024-02-02 01:16:11 |
|
| 2024-02-01 12:04:37 |
|
| 2023-11-07 21:47:00 |
|
| 2023-09-05 12:15:10 |
|
| 2023-09-05 01:04:29 |
|
| 2023-09-02 12:15:14 |
|
| 2023-09-02 01:04:33 |
|
| 2023-08-12 12:18:23 |
|
| 2023-08-12 01:04:34 |
|
| 2023-08-11 12:15:19 |
|
| 2023-08-11 01:04:42 |
|
| 2023-08-06 12:14:43 |
|
| 2023-08-06 01:04:34 |
|
| 2023-08-04 12:14:48 |
|
| 2023-08-04 01:04:35 |
|
| 2023-07-14 12:14:47 |
|
| 2023-07-14 01:04:33 |
|
| 2023-03-29 01:16:42 |
|
| 2023-03-28 12:04:39 |
|
| 2023-02-13 09:28:47 |
|
| 2022-10-11 12:13:10 |
|
| 2022-10-11 01:04:18 |
|
| 2022-03-11 01:10:54 |
|
| 2021-05-25 12:08:18 |
|
| 2021-05-04 12:14:34 |
|
| 2021-04-22 01:15:51 |
|
| 2020-08-11 12:06:20 |
|
| 2020-08-08 01:06:24 |
|
| 2020-08-07 12:06:30 |
|
| 2020-08-07 01:06:34 |
|
| 2020-08-01 12:06:27 |
|
| 2020-07-30 01:06:43 |
|
| 2020-05-23 01:44:36 |
|
| 2020-05-23 00:28:39 |
|
| 2019-01-25 12:03:56 |
|
| 2018-11-17 12:02:28 |
|
| 2018-10-30 12:04:14 |
|
| 2016-12-08 09:23:24 |
|
| 2016-08-23 09:24:42 |
|
| 2016-07-01 11:07:33 |
|
| 2016-06-29 00:20:40 |
|
| 2016-06-28 18:40:48 |
|
| 2016-04-26 20:48:11 |
|
| 2014-06-14 13:30:50 |
|
| 2014-02-17 11:02:49 |
|
| 2013-05-10 23:01:28 |
|
