Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1477

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2011-1477
Last Modified 11 May 2015 09:59:21
Published 21 Jun 2012 07:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2011-1477

Summary

Multiple array index errors in sound/oss/opl3.c in the Linux kernel before 2.6.39 allow local users to cause a denial of service (heap memory corruption) or possibly gain privileges by leveraging write access to /dev/sequencer.

Vulnerable Systems

Operating System

  • Linux Kernel 2.6.38

  • Linux Kernel 2.6.38.1

  • Linux Kernel 2.6.38.2

  • Linux Kernel 2.6.38.3

  • Linux Kernel 2.6.38.4

  • Linux Kernel 2.6.38.5

  • Linux Kernel 2.6.38.6

  • Linux Kernel 2.6.38.7

  • Linux Kernel 2.6.38.8


References

CONFIRM - https://github.com/torvalds/linux/commit/4d00135a680727f6c3be78f8befaac009030e4df

MLIST - [oss-security] 20110325 Re: CVE request: kernel: two OSS fixes

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4d00135a680727f6c3be78f8befaac009030e4df

CONFIRM - http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39

SUSE - SUSE-SU-2015:0812


Last Updated: 27 May 2016 10:56:34