Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2182

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2011-2182
Last Modified 13 Jun 2012 12:00:00
Published 13 Jun 2012 06:24:54
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2011-2182

Summary

The ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel before 2.6.39.1 does not properly handle memory allocation for non-initial fragments, which might allow local users to conduct buffer overflow attacks, and gain privileges or obtain sensitive information, via a crafted LDM partition table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1017.

Vulnerable Systems

Operating System

  • Linux Kernel 2.6.39


References

CONFIRM - https://github.com/torvalds/linux/commit/cae13fe4cc3f24820ffb990c09110626837e85d4

MLIST - [oss-security] 20110605 Re: CVE request: kernel: fs/partitions: Kernel heap overflow via corrupted LDM partition tables

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cae13fe4cc3f24820ffb990c09110626837e85d4

CONFIRM - http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.1

Related Patches

Novell SUSE 2011:4884 kernel security update for SLE 11 SP1 i586


Last Updated: 27 May 2016 10:56:30