CVE-2011-1083

MEDIUM

Description

The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.

References

http://article.gmane.org/gmane.linux.kernel/1105744

http://article.gmane.org/gmane.linux.kernel/1105888

http://article.gmane.org/gmane.linux.kernel/1106686

http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html

http://openwall.com/lists/oss-security/2011/03/02/1

http://openwall.com/lists/oss-security/2011/03/02/2

http://rhn.redhat.com/errata/RHSA-2012-0862.html

http://secunia.com/advisories/43522

http://secunia.com/advisories/48115

http://secunia.com/advisories/48410

http://secunia.com/advisories/48898

http://secunia.com/advisories/48964

http://www.osvdb.org/71265

https://bugzilla.redhat.com/show_bug.cgi?id=681578

Details

Source: MITRE

Published: 2011-04-04

Updated: 2020-08-12

Type: CWE-400

Risk Information

CVSS v2.0

Base Score: 4.9

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 3.9

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 2.6.37.2 (inclusive)

Configuration 2

OR

cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:-:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*

Configuration 3

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Tenable Plugins

View all (24 total)

IDNameProductFamilySeverity
83611SUSE SLES11 Security Update : kernel (SUSE-SU-2014:0287-1)NessusSuSE Local Security Checks
high
79507OracleVM 2.2 : kernel (OVMSA-2013-0039)NessusOracleVM Local Security Checks
critical
79283RHEL 5 : rhev-hypervisor5 (RHSA-2012:0168)NessusRed Hat Local Security Checks
high
74801openSUSE Security Update : kernel (openSUSE-SU-2012:1439-1)NessusSuSE Local Security Checks
critical
74658openSUSE Security Update : Kernel (openSUSE-SU-2012:0799-1)NessusSuSE Local Security Checks
critical
74604openSUSE Security Update : kernel (openSUSE-SU-2012:0540-1)NessusSuSE Local Security Checks
critical
69590Amazon Linux AMI : kernel (ALAS-2012-100)NessusAmazon Linux Local Security Checks
medium
69581Amazon Linux AMI : kernel (ALAS-2011-22)NessusAmazon Linux Local Security Checks
medium
68679Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2026)NessusOracle Linux Local Security Checks
medium
68678Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2025)NessusOracle Linux Local Security Checks
medium
68554Oracle Linux 6 : kernel (ELSA-2012-0862)NessusOracle Linux Local Security Checks
medium
68468Oracle Linux 5 : kernel (ELSA-2012-0150)NessusOracle Linux Local Security Checks
medium
64173SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 6227 / 6229 / 6230)NessusSuSE Local Security Checks
high
64050RHEL 6 : kernel (RHSA-2012:1129)NessusRed Hat Local Security Checks
high
59925CentOS 6 : kernel (CESA-2012:0862)NessusCentOS Local Security Checks
medium
59590RHEL 6 : kernel (RHSA-2012:0862)NessusRed Hat Local Security Checks
medium
58845SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 6163 / 6164 / 6172)NessusSuSE Local Security Checks
critical
58052RHEL 5 : kernel (RHSA-2012:0150)NessusRed Hat Local Security Checks
medium
56865Fedora 15 : kernel-2.6.41.1-1.fc15 (2011-15856)NessusFedora Local Security Checks
medium
56721Fedora 14 : kernel-2.6.35.14-103.fc14 (2011-15241)NessusFedora Local Security Checks
medium
55591Ubuntu 11.04 : linux vulnerabilities (USN-1167-1)NessusUbuntu Local Security Checks
high
55454Ubuntu 10.10 : linux vulnerabilities (USN-1160-1)NessusUbuntu Local Security Checks
high
55104Ubuntu 10.04 LTS : linux, linux-ec2 vulnerabilities (USN-1141-1)NessusUbuntu Local Security Checks
high
801520CentOS RHSA-2012-0862 Security CheckLog Correlation EngineGeneric
high