ID CVE-2011-0714
Summary Use-after-free vulnerability in a certain Red Hat patch for the RPC server sockets functionality in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 might allow remote attackers to cause a denial of service (crash) via malformed data in a packet, related to lockd and the svc_xprt_received function.
References
Vulnerable Configurations
  • cpe:2.3:o:linux:linux_kernel:2.6.32:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.32:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
CVSS
Base: 5.7 (as of 22-04-2019 - 17:48)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
ADJACENT_NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:A/AC:M/Au:N/C:N/I:N/A:C
redhat via4
advisories
bugzilla
id 678144
title CVE-2011-0714 kernel: deficiency in handling of invalid data packets in lockd
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhba:tst:20111656001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhba:tst:20111656002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20111656004
  • OR
    • AND
      • comment kernel is earlier than 0:2.6.32-71.18.2.el6
        oval oval:com.redhat.rhsa:tst:20110329005
      • comment kernel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842006
    • AND
      • comment kernel-bootwrapper is earlier than 0:2.6.32-71.18.2.el6
        oval oval:com.redhat.rhsa:tst:20110329009
      • comment kernel-bootwrapper is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842010
    • AND
      • comment kernel-debug is earlier than 0:2.6.32-71.18.2.el6
        oval oval:com.redhat.rhsa:tst:20110329013
      • comment kernel-debug is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842012
    • AND
      • comment kernel-debug-devel is earlier than 0:2.6.32-71.18.2.el6
        oval oval:com.redhat.rhsa:tst:20110329011
      • comment kernel-debug-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842014
    • AND
      • comment kernel-devel is earlier than 0:2.6.32-71.18.2.el6
        oval oval:com.redhat.rhsa:tst:20110329015
      • comment kernel-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842016
    • AND
      • comment kernel-doc is earlier than 0:2.6.32-71.18.2.el6
        oval oval:com.redhat.rhsa:tst:20110329025
      • comment kernel-doc is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842024
    • AND
      • comment kernel-firmware is earlier than 0:2.6.32-71.18.2.el6
        oval oval:com.redhat.rhsa:tst:20110329021
      • comment kernel-firmware is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842026
    • AND
      • comment kernel-headers is earlier than 0:2.6.32-71.18.2.el6
        oval oval:com.redhat.rhsa:tst:20110329007
      • comment kernel-headers is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842008
    • AND
      • comment kernel-kdump is earlier than 0:2.6.32-71.18.2.el6
        oval oval:com.redhat.rhsa:tst:20110329017
      • comment kernel-kdump is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842018
    • AND
      • comment kernel-kdump-devel is earlier than 0:2.6.32-71.18.2.el6
        oval oval:com.redhat.rhsa:tst:20110329019
      • comment kernel-kdump-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842020
    • AND
      • comment perf is earlier than 0:2.6.32-71.18.2.el6
        oval oval:com.redhat.rhsa:tst:20110329023
      • comment perf is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842022
rhsa
id RHSA-2011:0329
released 2011-03-08
severity Important
title RHSA-2011:0329: kernel security update (Important)
rpms
  • kernel-0:2.6.32-71.18.2.el6
  • kernel-bootwrapper-0:2.6.32-71.18.2.el6
  • kernel-debug-0:2.6.32-71.18.2.el6
  • kernel-debug-devel-0:2.6.32-71.18.2.el6
  • kernel-devel-0:2.6.32-71.18.2.el6
  • kernel-doc-0:2.6.32-71.18.2.el6
  • kernel-firmware-0:2.6.32-71.18.2.el6
  • kernel-headers-0:2.6.32-71.18.2.el6
  • kernel-kdump-0:2.6.32-71.18.2.el6
  • kernel-kdump-devel-0:2.6.32-71.18.2.el6
  • perf-0:2.6.32-71.18.2.el6
refmap via4
confirm https://bugzilla.redhat.com/show_bug.cgi?id=678144
mlist
  • [oss-security] 20110308 CVE-2011-0714 kernel: deficiency in handling of invalid data packets in lockd
  • [oss-security] 20110309 Re: CVE-2011-0714 kernel: deficiency in handling of invalid data packets in lockd
Last major update 22-04-2019 - 17:48
Published 04-05-2011 - 22:55
Back to Top