Vulnerabilities > CVE-2011-4097 - Integer Overflow or Wraparound vulnerability in multiple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
Integer overflow in the oom_badness function in mm/oom_kill.c in the Linux kernel before 3.1.8 on 64-bit platforms allows local users to cause a denial of service (memory consumption or process termination) by using a certain large amount of memory.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 4 | |
OS | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Forced Integer Overflow This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1380-1.NASL description A flaw was discovered in the TOMOYO LSM last seen 2020-03-18 modified 2012-02-29 plugin id 58170 published 2012-02-29 reporter Ubuntu Security Notice (C) 2012-2020 Canonical, Inc. / NASL script (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58170 title Ubuntu 11.04 : linux vulnerabilities (USN-1380-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-1380-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(58170); script_version("1.13"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/26"); script_cve_id("CVE-2011-2498", "CVE-2011-2518", "CVE-2011-4097", "CVE-2012-0207"); script_bugtraq_id(48477, 50459, 51343); script_xref(name:"USN", value:"1380-1"); script_name(english:"Ubuntu 11.04 : linux vulnerabilities (USN-1380-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "A flaw was discovered in the TOMOYO LSM's handling of mount system calls. An unprivileged user could oops the system causing a denial of service. (CVE-2011-2518) A bug was discovered in the Linux kernel's calculation of OOM (Out of memory) scores, that would result in the wrong process being killed. A user could use this to kill the process with the highest OOM score, even if that process belongs to another user or the system. (CVE-2011-4097) A flaw was found in the linux kernels IPv4 IGMP query processing. A remote attacker could exploit this to cause a denial of service. (CVE-2012-0207). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/1380-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/17"); script_set_attribute(attribute:"patch_publication_date", value:"2012/02/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/29"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2012-2020 Canonical, Inc. / NASL script (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("ksplice.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(11\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 11.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2011-2498", "CVE-2011-2518", "CVE-2011-4097", "CVE-2012-0207"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-1380-1"); } else { _ubuntu_report = ksplice_reporting_text(); } } flag = 0; if (ubuntu_check(osver:"11.04", pkgname:"linux-image-2.6.38-13-generic", pkgver:"2.6.38-13.56")) flag++; if (ubuntu_check(osver:"11.04", pkgname:"linux-image-2.6.38-13-generic-pae", pkgver:"2.6.38-13.56")) flag++; if (ubuntu_check(osver:"11.04", pkgname:"linux-image-2.6.38-13-server", pkgver:"2.6.38-13.56")) flag++; if (ubuntu_check(osver:"11.04", pkgname:"linux-image-2.6.38-13-versatile", pkgver:"2.6.38-13.56")) flag++; if (ubuntu_check(osver:"11.04", pkgname:"linux-image-2.6.38-13-virtual", pkgver:"2.6.38-13.56")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-2.6-generic / linux-image-2.6-generic-pae / etc"); }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1384-1.NASL description A bug was discovered in the Linux kernel last seen 2020-03-18 modified 2012-03-07 plugin id 58265 published 2012-03-07 reporter Ubuntu Security Notice (C) 2012-2020 Canonical, Inc. / NASL script (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58265 title Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1384-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-1384-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(58265); script_version("1.12"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/02"); script_cve_id("CVE-2011-4097", "CVE-2011-4127", "CVE-2011-4622", "CVE-2012-0038", "CVE-2012-0055", "CVE-2012-0207", "CVE-2012-2100"); script_bugtraq_id(50459, 51343, 51529); script_xref(name:"USN", value:"1384-1"); script_name(english:"Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1384-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "A bug was discovered in the Linux kernel's calculation of OOM (Out of memory) scores, that would result in the wrong process being killed. A user could use this to kill the process with the highest OOM score, even if that process belongs to another user or the system. (CVE-2011-4097) Paolo Bonzini discovered a flaw in Linux's handling of the SG_IO ioctl command. A local user, or user in a VM could exploit this flaw to bypass restrictions and gain read/write access to all data on the affected block device. (CVE-2011-4127) A flaw was found in KVM's Programmable Interval Timer (PIT). When a virtual interrupt control is not available a local user could use this to cause a denial of service by starting a timer. (CVE-2011-4622) A flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image it could potential execute arbitrary code on the system. (CVE-2012-0038) Andy Whitcroft discovered a that the Overlayfs filesystem was not doing the extended permission checks needed by cgroups and Linux Security Modules (LSMs). A local user could exploit this to by-pass security policy and access files that should not be accessible. (CVE-2012-0055) A flaw was found in the linux kernels IPv4 IGMP query processing. A remote attacker could exploit this to cause a denial of service. (CVE-2012-0207) A flaw was found in the Linux kernel's ext4 file system when mounting a corrupt filesystem. A user-assisted remote attacker could exploit this flaw to cause a denial of service. (CVE-2012-2100). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/1384-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-generic-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-virtual"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/27"); script_set_attribute(attribute:"patch_publication_date", value:"2012/03/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/07"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2012-2020 Canonical, Inc. / NASL script (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("ksplice.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(10\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2011-4097", "CVE-2011-4127", "CVE-2011-4622", "CVE-2012-0038", "CVE-2012-0055", "CVE-2012-0207", "CVE-2012-2100"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-1384-1"); } else { _ubuntu_report = ksplice_reporting_text(); } } flag = 0; if (ubuntu_check(osver:"10.04", pkgname:"linux-image-3.0.0-16-generic", pkgver:"3.0.0-16.29~lucid1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"linux-image-3.0.0-16-generic-pae", pkgver:"3.0.0-16.29~lucid1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"linux-image-3.0.0-16-server", pkgver:"3.0.0-16.29~lucid1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"linux-image-3.0.0-16-virtual", pkgver:"3.0.0-16.29~lucid1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.0-generic / linux-image-3.0-generic-pae / etc"); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-0333.NASL description Updated kernel-rt packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise MRG 2.1. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages contain the Linux kernel. Security fixes : * SG_IO ioctl SCSI requests on partitions or LVM volumes could be passed to the underlying block device, allowing a privileged user to bypass restrictions and gain read and write access (and be able to issue other SCSI commands) to the entire block device. (CVE-2011-4127, Important) * A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. (CVE-2012-0044, Important) * A local, unprivileged user could use a flaw in the Performance Events implementation to cause a denial of service. (CVE-2011-2918, Moderate) * A local, unprivileged user could use flaws in the XFS file system implementation to cause a denial of service or escalate their privileges by mounting a specially crafted disk. (CVE-2011-4077, CVE-2012-0038, Moderate) * A local, unprivileged user could use a flaw in the Out of Memory (OOM) killer to monopolize memory, have their process skipped by the OOM killer, or cause other tasks to be terminated. (CVE-2011-4097, Moderate) * A local, unprivileged user could use a flaw in the key management facility to cause a denial of service. (CVE-2011-4110, Moderate) * A malicious Network File System version 4 (NFSv4) server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2011-4131, Moderate) * A local attacker could use a flaw in the Journaling Block Device (JBD) to crash the system by mounting a specially crafted ext3 or ext4 disk. (CVE-2011-4132, Moderate) * A flaw in igmp_heard_query() could allow an attacker, who is able to send certain IGMP (Internet Group Management Protocol) packets to a target system, to cause a denial of service. (CVE-2012-0207, Moderate) * If lock contention during signal sending occurred when in a software interrupt handler that is using the per-CPU debug stack, the task could be scheduled out on the realtime kernel, possibly leading to debug stack corruption. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-0810, Moderate) Red Hat would like to thank Chen Haogang for reporting CVE-2012-0044; Wang Xi for reporting CVE-2012-0038; Shubham Goyal for reporting CVE-2011-4097; Andy Adamson for reporting CVE-2011-4131; and Simon McVittie for reporting CVE-2012-0207. Bug fixes : * When a sleeping task, waiting on a futex (fast userspace mutex), tried to get the spin_lock(hb->lock) RT-mutex, if the owner of the futex released the lock, the sleeping task was put on a futex proxy lock. Consequently, the sleeping task was blocked on two locks and eventually terminated in the BUG_ON() function. With this update, the WAKEUP_INPROGRESS pseudo-lock has been added to be used as a proxy lock. This pseudo-lock tells the sleeping task that it is being woken up so that the task no longer tries to get the second lock. Now, the futex code works as expected and sleeping tasks no longer crash in the described scenario. (BZ#784733) * When the CONFIG_CRYPTO_FIPS configuration option was disabled, some services such as sshd and ipsec, while working properly, returned warning messages regarding this missing option during start up. With this update, CONFIG_CRYPTO_FIPS has been enabled and no warning messages are now returned in the described scenario. (BZ#786145) * Previously, when a read operation on a loop device failed, the data successfully read from the device was not cleared and could eventually leak. This bug has been fixed and all data are now properly cleared in the described scenario. (BZ#761420) * Due to an assembler-sourced object, the perf utility (from the perf-rt package) for AMD64 and Intel 64 architectures contained an executable stack. This update adds the last seen 2020-06-01 modified 2020-06-02 plugin id 76639 published 2014-07-22 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76639 title RHEL 6 : MRG (RHSA-2012:0333) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2012:0333. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(76639); script_version("1.12"); script_cvs_date("Date: 2020/02/18"); script_cve_id("CVE-2011-2918", "CVE-2011-4077", "CVE-2011-4097", "CVE-2011-4110", "CVE-2011-4127", "CVE-2011-4131", "CVE-2011-4132", "CVE-2012-0038", "CVE-2012-0044", "CVE-2012-0207", "CVE-2012-0810"); script_bugtraq_id(49152, 50370, 50459, 50655, 50663, 50755, 51176, 51343, 51371, 51380, 52182); script_xref(name:"RHSA", value:"2012:0333"); script_name(english:"RHEL 6 : MRG (RHSA-2012:0333)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated kernel-rt packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise MRG 2.1. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages contain the Linux kernel. Security fixes : * SG_IO ioctl SCSI requests on partitions or LVM volumes could be passed to the underlying block device, allowing a privileged user to bypass restrictions and gain read and write access (and be able to issue other SCSI commands) to the entire block device. (CVE-2011-4127, Important) * A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. (CVE-2012-0044, Important) * A local, unprivileged user could use a flaw in the Performance Events implementation to cause a denial of service. (CVE-2011-2918, Moderate) * A local, unprivileged user could use flaws in the XFS file system implementation to cause a denial of service or escalate their privileges by mounting a specially crafted disk. (CVE-2011-4077, CVE-2012-0038, Moderate) * A local, unprivileged user could use a flaw in the Out of Memory (OOM) killer to monopolize memory, have their process skipped by the OOM killer, or cause other tasks to be terminated. (CVE-2011-4097, Moderate) * A local, unprivileged user could use a flaw in the key management facility to cause a denial of service. (CVE-2011-4110, Moderate) * A malicious Network File System version 4 (NFSv4) server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2011-4131, Moderate) * A local attacker could use a flaw in the Journaling Block Device (JBD) to crash the system by mounting a specially crafted ext3 or ext4 disk. (CVE-2011-4132, Moderate) * A flaw in igmp_heard_query() could allow an attacker, who is able to send certain IGMP (Internet Group Management Protocol) packets to a target system, to cause a denial of service. (CVE-2012-0207, Moderate) * If lock contention during signal sending occurred when in a software interrupt handler that is using the per-CPU debug stack, the task could be scheduled out on the realtime kernel, possibly leading to debug stack corruption. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-0810, Moderate) Red Hat would like to thank Chen Haogang for reporting CVE-2012-0044; Wang Xi for reporting CVE-2012-0038; Shubham Goyal for reporting CVE-2011-4097; Andy Adamson for reporting CVE-2011-4131; and Simon McVittie for reporting CVE-2012-0207. Bug fixes : * When a sleeping task, waiting on a futex (fast userspace mutex), tried to get the spin_lock(hb->lock) RT-mutex, if the owner of the futex released the lock, the sleeping task was put on a futex proxy lock. Consequently, the sleeping task was blocked on two locks and eventually terminated in the BUG_ON() function. With this update, the WAKEUP_INPROGRESS pseudo-lock has been added to be used as a proxy lock. This pseudo-lock tells the sleeping task that it is being woken up so that the task no longer tries to get the second lock. Now, the futex code works as expected and sleeping tasks no longer crash in the described scenario. (BZ#784733) * When the CONFIG_CRYPTO_FIPS configuration option was disabled, some services such as sshd and ipsec, while working properly, returned warning messages regarding this missing option during start up. With this update, CONFIG_CRYPTO_FIPS has been enabled and no warning messages are now returned in the described scenario. (BZ#786145) * Previously, when a read operation on a loop device failed, the data successfully read from the device was not cleared and could eventually leak. This bug has been fixed and all data are now properly cleared in the described scenario. (BZ#761420) * Due to an assembler-sourced object, the perf utility (from the perf-rt package) for AMD64 and Intel 64 architectures contained an executable stack. This update adds the '.note.GNU-stack' section definition to the bench/mem-memcpy-x86-64-asm.S component of perf, with all flags disabled, and perf no longer contains an executable stack, thus fixing this bug. (BZ#783570)" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-2918" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-4077" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-4097" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-4110" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-4127" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-4131" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-4132" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-0038" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-0044" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-0207" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-0810" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2012:0333" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/27"); script_set_attribute(attribute:"patch_publication_date", value:"2012/02/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/22"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); include("ksplice.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2011-2918", "CVE-2011-4077", "CVE-2011-4097", "CVE-2011-4110", "CVE-2011-4127", "CVE-2011-4131", "CVE-2011-4132", "CVE-2012-0038", "CVE-2012-0044", "CVE-2012-0207", "CVE-2012-0810"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2012:0333"); } else { __rpm_report = ksplice_reporting_text(); } } yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2012:0333"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (! (rpm_exists(release:"RHEL6", rpm:"mrg-release"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "MRG"); if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-3.0.18-rt34.53.el6rt")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debug-3.0.18-rt34.53.el6rt")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debug-debuginfo-3.0.18-rt34.53.el6rt")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debug-devel-3.0.18-rt34.53.el6rt")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debuginfo-3.0.18-rt34.53.el6rt")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debuginfo-common-x86_64-3.0.18-rt34.53.el6rt")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-devel-3.0.18-rt34.53.el6rt")) flag++; if (rpm_check(release:"RHEL6", reference:"kernel-rt-doc-3.0.18-rt34.53.el6rt")) flag++; if (rpm_check(release:"RHEL6", reference:"kernel-rt-firmware-3.0.18-rt34.53.el6rt")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-trace-3.0.18-rt34.53.el6rt")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-trace-debuginfo-3.0.18-rt34.53.el6rt")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-trace-devel-3.0.18-rt34.53.el6rt")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-vanilla-3.0.18-rt34.53.el6rt")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-vanilla-debuginfo-3.0.18-rt34.53.el6rt")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-vanilla-devel-3.0.18-rt34.53.el6rt")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc"); } }
NASL family Fedora Local Security Checks NASL id FEDORA_2011-15856.NASL description Rebase to upstream 3.1.1 kernel Fix boot regression on 64-bit EFI machines Update to the Linux 3.0.8 (2.6.40.8) stable release. Fix assorted security bugs. Bugfix update Update to the latest 3.0.7 stable kernel release which includes a variety of fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 56865 published 2011-11-18 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56865 title Fedora 15 : kernel-2.6.41.1-1.fc15 (2011-15856) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2011-15856. # include("compat.inc"); if (description) { script_id(56865); script_version("1.13"); script_cvs_date("Date: 2019/08/02 13:32:34"); script_cve_id("CVE-2011-1083", "CVE-2011-3347", "CVE-2011-4077", "CVE-2011-4097"); script_bugtraq_id(46630, 50312, 50370, 50459); script_xref(name:"FEDORA", value:"2011-15856"); script_name(english:"Fedora 15 : kernel-2.6.41.1-1.fc15 (2011-15856)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Rebase to upstream 3.1.1 kernel Fix boot regression on 64-bit EFI machines Update to the Linux 3.0.8 (2.6.40.8) stable release. Fix assorted security bugs. Bugfix update Update to the latest 3.0.7 stable kernel release which includes a variety of fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=641789" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=713315" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=713675" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=722509" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=729882" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=733827" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=735946" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=737108" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=742010" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=745241" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=748516" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=748668" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=748691" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=749166" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=749887" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=750402" ); # https://lists.fedoraproject.org/pipermail/package-announce/2011-November/069394.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?cece6ac7" ); script_set_attribute( attribute:"solution", value:"Update the affected kernel package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:15"); script_set_attribute(attribute:"patch_publication_date", value:"2011/11/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/11/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^15([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 15.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC15", reference:"kernel-2.6.41.1-1.fc15")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel"); }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1363-1.NASL description A bug was discovered in the Linux kernel last seen 2020-03-18 modified 2012-02-14 plugin id 57937 published 2012-02-14 reporter Ubuntu Security Notice (C) 2012-2020 Canonical, Inc. / NASL script (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57937 title Ubuntu 11.10 : linux vulnerabilities (USN-1363-1) NASL family Fedora Local Security Checks NASL id FEDORA_2011-15323.NASL description This update fixes a regression in booting via EFI on some machines. ---------------------------------------------------------------------- -----= Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 56697 published 2011-11-03 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56697 title Fedora 16 : kernel-3.1.0-7.fc16 (2011-15323) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1386-1.NASL description The linux kernel did not properly account for PTE pages when deciding which task to kill in out of memory conditions. A local, unprivileged could exploit this flaw to cause a denial of service. (CVE-2011-2498) A flaw was discovered in the TOMOYO LSM last seen 2020-03-18 modified 2012-03-07 plugin id 58267 published 2012-03-07 reporter Ubuntu Security Notice (C) 2012-2020 Canonical, Inc. / NASL script (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58267 title Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1386-1)
Redhat
rpms |
|
Seebug
bulletinFamily | exploit |
description | Bugtraq ID: 50549 CVE ID:CVE-2011-4097 Linux是一款开放源代码的操作系统。 Linux Kernel在/mm/oom_kill.c的实现上存在一个整数溢出漏洞,本地攻击者可利用此漏洞提升特权。此漏洞仅影响64位架构。 Linux kernel 3.0.4 Linux kernel 3.0.1 Linux kernel 2.6.x 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息: https://www.lkml.org/lkml/2011/10/31/138 |
id | SSV:23176 |
last seen | 2017-11-19 |
modified | 2011-11-09 |
published | 2011-11-09 |
reporter | Root |
title | Linux Kernel '/mm/oom_kill.c'整数溢出漏洞 |
References
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.8
- http://www.openwall.com/lists/oss-security/2011/11/01/2
- https://bugzilla.redhat.com/show_bug.cgi?id=750399
- https://github.com/torvalds/linux/commit/56c6a8a4aadca809e04276eabe5552935c51387f
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.8
- https://github.com/torvalds/linux/commit/56c6a8a4aadca809e04276eabe5552935c51387f
- https://bugzilla.redhat.com/show_bug.cgi?id=750399
- http://www.openwall.com/lists/oss-security/2011/11/01/2