CVE-2011-2491

MEDIUM

Description

The Network Lock Manager (NLM) protocol implementation in the NFS client functionality in the Linux kernel before 3.0 allows local users to cause a denial of service (system hang) via a LOCK_UN flock system call.

References

http://ftp.osuosl.org/pub/linux/kernel/v3.0/ChangeLog-3.0

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0b760113a3a155269a3fba93a409c640031dd68f

http://rhn.redhat.com/errata/RHSA-2011-1212.html

http://www.openwall.com/lists/oss-security/2011/06/23/6

https://bugzilla.redhat.com/show_bug.cgi?id=709393

https://github.com/torvalds/linux/commit/0b760113a3a155269a3fba93a409c640031dd68f

Details

Source: MITRE

Published: 2013-03-01

Updated: 2020-07-31

Type: CWE-400

Risk Information

CVSS v2.0

Base Score: 4.9

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 3.9

Severity: MEDIUM

Tenable Plugins

View all (35 total)

ID	Name	Product	Family	Severity
89105	VMware ESX / ESXi Service Console and Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0001) (remote check)	Nessus	Misc.	high
79507	OracleVM 2.2 : kernel (OVMSA-2013-0039)	Nessus	OracleVM Local Security Checks	critical
76634	RHEL 6 : MRG (RHSA-2011:1253)	Nessus	Red Hat Local Security Checks	high
75880	openSUSE Security Update : kernel (openSUSE-SU-2011:0860-1)	Nessus	SuSE Local Security Checks	high
75555	openSUSE Security Update : kernel (openSUSE-SU-2011:0861-1)	Nessus	SuSE Local Security Checks	high
68421	Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2025)	Nessus	Oracle Linux Local Security Checks	high
68334	Oracle Linux 5 : kernel (ELSA-2011-1212)	Nessus	Oracle Linux Local Security Checks	high
68331	Oracle Linux 6 : kernel (ELSA-2011-1189)	Nessus	Oracle Linux Local Security Checks	high
64015	RHEL 5 : kernel (RHSA-2011:1813)	Nessus	Red Hat Local Security Checks	high
61132	Scientific Linux Security Update : kernel on SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
61118	Scientific Linux Security Update : kernel on SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
59159	SuSE 10 Security Update : the Linux kernel (ZYPP Patch Number 7729)	Nessus	SuSE Local Security Checks	critical
59158	SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7665)	Nessus	SuSE Local Security Checks	high
57749	VMSA-2012-0001 : VMware ESXi and ESX updates to third-party library and ESX Service Console	Nessus	VMware ESX Local Security Checks	high
57213	SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7666)	Nessus	SuSE Local Security Checks	high
57005	Ubuntu 10.04 LTS : linux vulnerabilities (USN-1286-1)	Nessus	Ubuntu Local Security Checks	high
56978	Ubuntu 11.04 : linux vulnerabilities (USN-1285-1)	Nessus	Ubuntu Local Security Checks	high
56949	USN-1281-1 : linux-ti-omap4 vulnerabilities	Nessus	Ubuntu Local Security Checks	high
56947	Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1279-1)	Nessus	Ubuntu Local Security Checks	high
56946	Ubuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1278-1)	Nessus	Ubuntu Local Security Checks	high
56943	Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1269-1)	Nessus	Ubuntu Local Security Checks	high
56916	Ubuntu 10.10 : linux-mvl-dove vulnerabilities (USN-1274-1)	Nessus	Ubuntu Local Security Checks	high
56914	Ubuntu 10.10 : linux vulnerabilities (USN-1272-1)	Nessus	Ubuntu Local Security Checks	high
56913	USN-1271-1 : linux-fsl-imx51 vulnerabilities	Nessus	Ubuntu Local Security Checks	medium
56911	Ubuntu 8.04 LTS : linux vulnerabilities (USN-1268-1)	Nessus	Ubuntu Local Security Checks	high
56768	Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1256-1)	Nessus	Ubuntu Local Security Checks	critical
56643	USN-1244-1 : linux-ti-omap4 vulnerabilities	Nessus	Ubuntu Local Security Checks	high
56607	SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7734)	Nessus	SuSE Local Security Checks	critical
56285	Debian DSA-2310-1 : linux-2.6 - privilege escalation/denial of service/information leak	Nessus	Debian Local Security Checks	critical
56271	CentOS 5 : kernel (CESA-2011:1212)	Nessus	CentOS Local Security Checks	high
56130	Debian DSA-2303-2 : linux-2.6 - privilege escalation/denial of service/information leak	Nessus	Debian Local Security Checks	critical
56110	RHEL 5 : kernel (RHSA-2011:1212)	Nessus	Red Hat Local Security Checks	high
55964	RHEL 6 : kernel (RHSA-2011:1189)	Nessus	Red Hat Local Security Checks	high
55686	SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 4884 / 4888 / 4889)	Nessus	SuSE Local Security Checks	high
801509	CentOS RHSA-2011-1212 Security Check	Log Correlation Engine	Generic	high