CVE-2011-4131 - The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in G

CVE-2011-4131

Summary

The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words.

References

Vulnerable Configurations

cpe:2.3:o:linux:linux_kernel:3.2:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 13-02-2023 - 04:32)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
ADJACENT_NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:A/AC:H/Au:N/C:N/I:N/A:C

redhat via4

advisories

bugzilla

id	824287
title	[REGRESSION] be2iscsi: fix dma free size mismatch

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

comment kernel earlier than 0:2.6.32-279.el6 is currently running
oval oval:com.redhat.rhsa:tst:20120862025
comment kernel earlier than 0:2.6.32-279.el6 is set to boot up on next boot
oval oval:com.redhat.rhsa:tst:20120862026

AND
comment kernel is earlier than 0:2.6.32-279.el6
oval oval:com.redhat.rhsa:tst:20120862001
comment kernel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100842002

AND

comment kernel-bootwrapper is earlier than 0:2.6.32-279.el6
oval oval:com.redhat.rhsa:tst:20120862003
comment kernel-bootwrapper is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100842004

AND
comment kernel-debug is earlier than 0:2.6.32-279.el6
oval oval:com.redhat.rhsa:tst:20120862005
comment kernel-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100842006

AND

comment kernel-debug-devel is earlier than 0:2.6.32-279.el6
oval oval:com.redhat.rhsa:tst:20120862007
comment kernel-debug-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100842008

AND
comment kernel-devel is earlier than 0:2.6.32-279.el6
oval oval:com.redhat.rhsa:tst:20120862009
comment kernel-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100842010
AND
comment kernel-doc is earlier than 0:2.6.32-279.el6
oval oval:com.redhat.rhsa:tst:20120862011
comment kernel-doc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100842012

AND

comment kernel-firmware is earlier than 0:2.6.32-279.el6
oval oval:com.redhat.rhsa:tst:20120862013
comment kernel-firmware is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100842014

AND

comment kernel-headers is earlier than 0:2.6.32-279.el6
oval oval:com.redhat.rhsa:tst:20120862015
comment kernel-headers is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100842016

AND
comment kernel-kdump is earlier than 0:2.6.32-279.el6
oval oval:com.redhat.rhsa:tst:20120862017
comment kernel-kdump is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100842018

AND

comment kernel-kdump-devel is earlier than 0:2.6.32-279.el6
oval oval:com.redhat.rhsa:tst:20120862019
comment kernel-kdump-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100842020

AND
comment perf is earlier than 0:2.6.32-279.el6
oval oval:com.redhat.rhsa:tst:20120862021
comment perf is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100842022
AND
comment python-perf is earlier than 0:2.6.32-279.el6
oval oval:com.redhat.rhsa:tst:20120862023
comment python-perf is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20111530024

rhsa

id	RHSA-2012:0862
released	2012-06-19
severity	Moderate
title	RHSA-2012:0862: Red Hat Enterprise Linux 6 kernel security, bug fix and enhancement update (Moderate)

rhsa
id RHSA-2012:1541

rpms

kernel-rt-0:3.0.18-rt34.53.el6rt
kernel-rt-debug-0:3.0.18-rt34.53.el6rt
kernel-rt-debug-debuginfo-0:3.0.18-rt34.53.el6rt
kernel-rt-debug-devel-0:3.0.18-rt34.53.el6rt
kernel-rt-debuginfo-0:3.0.18-rt34.53.el6rt
kernel-rt-debuginfo-common-x86_64-0:3.0.18-rt34.53.el6rt
kernel-rt-devel-0:3.0.18-rt34.53.el6rt
kernel-rt-doc-0:3.0.18-rt34.53.el6rt
kernel-rt-firmware-0:3.0.18-rt34.53.el6rt
kernel-rt-trace-0:3.0.18-rt34.53.el6rt
kernel-rt-trace-debuginfo-0:3.0.18-rt34.53.el6rt
kernel-rt-trace-devel-0:3.0.18-rt34.53.el6rt
kernel-rt-vanilla-0:3.0.18-rt34.53.el6rt
kernel-rt-vanilla-debuginfo-0:3.0.18-rt34.53.el6rt
kernel-rt-vanilla-devel-0:3.0.18-rt34.53.el6rt
kernel-0:2.6.32-279.el6
kernel-bootwrapper-0:2.6.32-279.el6
kernel-debug-0:2.6.32-279.el6
kernel-debug-debuginfo-0:2.6.32-279.el6
kernel-debug-devel-0:2.6.32-279.el6
kernel-debuginfo-0:2.6.32-279.el6
kernel-debuginfo-common-i686-0:2.6.32-279.el6
kernel-debuginfo-common-ppc64-0:2.6.32-279.el6
kernel-debuginfo-common-s390x-0:2.6.32-279.el6
kernel-debuginfo-common-x86_64-0:2.6.32-279.el6
kernel-devel-0:2.6.32-279.el6
kernel-doc-0:2.6.32-279.el6
kernel-firmware-0:2.6.32-279.el6
kernel-headers-0:2.6.32-279.el6
kernel-kdump-0:2.6.32-279.el6
kernel-kdump-debuginfo-0:2.6.32-279.el6
kernel-kdump-devel-0:2.6.32-279.el6
perf-0:2.6.32-279.el6
perf-debuginfo-0:2.6.32-279.el6
python-perf-0:2.6.32-279.el6
python-perf-debuginfo-0:2.6.32-279.el6
kernel-0:2.6.32-220.30.1.el6
kernel-bootwrapper-0:2.6.32-220.30.1.el6
kernel-debug-0:2.6.32-220.30.1.el6
kernel-debug-debuginfo-0:2.6.32-220.30.1.el6
kernel-debug-devel-0:2.6.32-220.30.1.el6
kernel-debuginfo-0:2.6.32-220.30.1.el6
kernel-debuginfo-common-i686-0:2.6.32-220.30.1.el6
kernel-debuginfo-common-ppc64-0:2.6.32-220.30.1.el6
kernel-debuginfo-common-s390x-0:2.6.32-220.30.1.el6
kernel-debuginfo-common-x86_64-0:2.6.32-220.30.1.el6
kernel-devel-0:2.6.32-220.30.1.el6
kernel-doc-0:2.6.32-220.30.1.el6
kernel-firmware-0:2.6.32-220.30.1.el6
kernel-headers-0:2.6.32-220.30.1.el6
kernel-kdump-0:2.6.32-220.30.1.el6
kernel-kdump-debuginfo-0:2.6.32-220.30.1.el6
kernel-kdump-devel-0:2.6.32-220.30.1.el6
perf-0:2.6.32-220.30.1.el6
perf-debuginfo-0:2.6.32-220.30.1.el6
python-perf-0:2.6.32-220.30.1.el6
python-perf-debuginfo-0:2.6.32-220.30.1.el6

refmap via4

confirm	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bf118a342f10dafe44b14451a1392c3254629a1f http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2 https://bugzilla.redhat.com/show_bug.cgi?id=747106 https://github.com/torvalds/linux/commit/bf118a342f10dafe44b14451a1392c3254629a1f
fedora	FEDORA-2012-8359
mlist	[oss-security] 20111111 Re: CVE Request -- kernel: nfs4_getfacl decoding kernel oops
secunia	48898
suse	SUSE-SU-2012:0554 openSUSE-SU-2013:0925

Last major update

13-02-2023 - 04:32

Published

17-05-2012 - 11:00

Last modified

13-02-2023 - 04:32