CVE-2011-4131

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words.

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bf118a342f10dafe44b14451a1392c3254629a1f

http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081280.html

http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html

http://rhn.redhat.com/errata/RHSA-2012-0862.html

http://rhn.redhat.com/errata/RHSA-2012-1541.html

http://secunia.com/advisories/48898

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2

http://www.openwall.com/lists/oss-security/2011/11/12/1

https://bugzilla.redhat.com/show_bug.cgi?id=747106

https://github.com/torvalds/linux/commit/bf118a342f10dafe44b14451a1392c3254629a1f

Details

Source: MITRE

Published: 2012-05-17

Updated: 2017-12-29

Type: CWE-189

Risk Information

CVSS v2

Base Score: 4.6

Vector: AV:A/AC:H/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 3.2

Severity: MEDIUM

Tenable Plugins

View all (24 total)

IDNameProductFamilySeverity
79484OracleVM 3.1 : kernel-uek (OVMSA-2012-0042)NessusOracleVM Local Security Checks
high
76639RHEL 6 : MRG (RHSA-2012:0333)NessusRed Hat Local Security Checks
medium
69590Amazon Linux AMI : kernel (ALAS-2012-100)NessusAmazon Linux Local Security Checks
medium
68677Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2022)NessusOracle Linux Local Security Checks
medium
68554Oracle Linux 6 : Oracle / Linux / 6 / kernel (ELSA-2012-0862)NessusOracle Linux Local Security Checks
medium
64176SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 6453 / 6457)NessusSuSE Local Security Checks
high
64175SuSE 11.2 Security Update : Linux kernel (SAT Patch Number 6463)NessusSuSE Local Security Checks
high
64068RHEL 6 : kernel (RHSA-2012:1541)NessusRed Hat Local Security Checks
medium
63313Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20121218)NessusScientific Linux Local Security Checks
high
61508USN-1530-1 : linux-ti-omap4 vulnerabilitiesNessusUbuntu Local Security Checks
high
59925CentOS 6 : kernel (CESA-2012:0862)NessusCentOS Local Security Checks
medium
59661Fedora 15 : kernel-2.6.43.8-1.fc15 (2012-8931)NessusFedora Local Security Checks
medium
59590RHEL 6 : kernel (RHSA-2012:0862)NessusRed Hat Local Security Checks
medium
59553USN-1476-1 : linux-ti-omap4 vulnerabilitiesNessusUbuntu Local Security Checks
high
59476Ubuntu 11.10 : linux vulnerabilities (USN-1472-1)NessusUbuntu Local Security Checks
high
59475Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1471-1)NessusUbuntu Local Security Checks
high
59474Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1470-1)NessusUbuntu Local Security Checks
high
59321Ubuntu 11.04 : linux vulnerabilities (USN-1457-1)NessusUbuntu Local Security Checks
high
59280Fedora 16 : kernel-3.3.7-1.fc16 (2012-8359)NessusFedora Local Security Checks
medium
59279Fedora 17 : kernel-3.3.7-1.fc17 (2012-8314)NessusFedora Local Security Checks
medium
58845SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 6163 / 6164 / 6172)NessusSuSE Local Security Checks
critical
57076Fedora 15 : kernel-2.6.41.4-1.fc15 (2011-16621)NessusFedora Local Security Checks
medium
56897Fedora 16 : kernel-3.1.1-2.fc16 (2011-15959)NessusFedora Local Security Checks
medium
801520CentOS RHSA-2012-0862 Security CheckLog Correlation EngineGeneric
high