7.8

CVE-2011-2189

Exploit
net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version <= 2.6.32
RedhatEnterprise Linux Version6.0
RedhatEnterprise Mrg Version2.0
CanonicalUbuntu Linux Version10.04
CanonicalUbuntu Linux Version10.10
CanonicalUbuntu Linux Version11.04
CanonicalUbuntu Linux Version11.10
DebianDebian Linux Version5.0
DebianDebian Linux Version6.0
DebianDebian Linux Version7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 17.84% 0.968
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

http://www.debian.org/security/2011/dsa-2305
Third Party Advisory
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629373
Third Party Advisory
Exploit
Mailing List
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2b035b39970740722598f7a9d548835f9bdd730f
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f875bae065334907796da12523f9df85c89f5712
http://ie.archive.ubuntu.com/linux/kernel/v2.6/ChangeLog-2.6.33
Broken Link
http://kerneltrap.org/mailarchive/git-commits-head/2009/12/8/15289
Broken Link
http://neil.brown.name/git?p=linux-2.6%3Ba=patch%3Bh=2b035b39970740722598f7a9d548835f9bdd730f
http://patchwork.ozlabs.org/patch/88217/
Patch
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2011/06/06/10
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2011/06/06/20
Third Party Advisory
Mailing List
http://www.ubuntu.com/usn/USN-1288-1
Third Party Advisory
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/720095
Third Party Advisory
Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=711134
Third Party Advisory
Exploit
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=711245
Patch
Third Party Advisory
Exploit
Issue Tracking