CVE-2011-0711

Опубликовано: 01 мар. 2011

Источник: nvd

CVSS2: 2.1

EPSS Низкий

Описание

The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call.

Ссылки

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3a3675b7f23f83ca8c67c9c2b6edf707fd28d1ba
http://openwall.com/lists/oss-security/2011/02/16/10
Mailing List
Third Party Advisory
http://openwall.com/lists/oss-security/2011/02/16/4
Mailing List
Third Party Advisory
http://osvdb.org/70950
Broken Link
http://rhn.redhat.com/errata/RHSA-2011-0927.html
Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.38-rc6-git3.log
Broken Link
http://www.securityfocus.com/bid/46417
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=677260
Issue Tracking
Patch
Third Party Advisory
https://patchwork.kernel.org/patch/555461/
Patch
Vendor Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3a3675b7f23f83ca8c67c9c2b6edf707fd28d1ba
http://openwall.com/lists/oss-security/2011/02/16/10
Mailing List
Third Party Advisory
http://openwall.com/lists/oss-security/2011/02/16/4
Mailing List
Third Party Advisory
http://osvdb.org/70950
Broken Link
http://rhn.redhat.com/errata/RHSA-2011-0927.html
Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.38-rc6-git3.log
Broken Link
http://www.securityfocus.com/bid/46417
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=677260
Issue Tracking
Patch
Third Party Advisory
https://patchwork.kernel.org/patch/555461/
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия до 2.6.38 (исключая)

cpe:2.3:o:linux:linux_kernel:2.6.38:-:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.38:rc1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.38:rc2:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.38:rc3:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.38:rc4:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.38:rc5:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:5.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:5.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 17%

0.00055

Низкий

2.1 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2011-0711

ubuntu

больше 14 лет назад

CVE-2011-0711

redhat

больше 14 лет назад

CVE-2011-0711

debian

больше 14 лет назад

The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel ...

GHSA-3w2w-4v6h-c6q9

github

около 3 лет назад

ELSA-2011-2015

oracle-oval

около 14 лет назад

ELSA-2011-2015: Oracle Linux 6 Unbreakable Enterprise kernel security fix update (IMPORTANT)

EPSS

Процентиль: 17%

0.00055

Низкий

2.1 Low

CVSS2

Дефекты

CWE-200