Action not permitted
Modal body text goes here.
cve-2011-1477
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:28:41.419Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20110325 Re: CVE request: kernel: two OSS fixes", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/03/25/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/4d00135a680727f6c3be78f8befaac009030e4df" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4d00135a680727f6c3be78f8befaac009030e4df" }, { "name": "SUSE-SU-2015:0812", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-03-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple array index errors in sound/oss/opl3.c in the Linux kernel before 2.6.39 allow local users to cause a denial of service (heap memory corruption) or possibly gain privileges by leveraging write access to /dev/sequencer." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-05-08T17:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20110325 Re: CVE request: kernel: two OSS fixes", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/03/25/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/4d00135a680727f6c3be78f8befaac009030e4df" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4d00135a680727f6c3be78f8befaac009030e4df" }, { "name": "SUSE-SU-2015:0812", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1477", "datePublished": "2012-06-21T23:00:00", "dateReserved": "2011-03-21T00:00:00", "dateUpdated": "2024-08-06T22:28:41.419Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2011-1477\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2012-06-21T23:55:02.240\",\"lastModified\":\"2023-02-13T01:19:10.960\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple array index errors in sound/oss/opl3.c in the Linux kernel before 2.6.39 allow local users to cause a denial of service (heap memory corruption) or possibly gain privileges by leveraging write access to /dev/sequencer.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples errores de \u00edndice de matriz en sound/oss/opl3.c en versiones del kernel de Linux anteriores a v2.6.39 permiten a usuarios locales provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria din\u00e1mica) o posiblemente obtener privilegios mediante el aprovechamiento del acceso de escritura a /dev/sequencer.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":7.2},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"},{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.6.38.8\",\"matchCriteriaId\":\"57A0A2B0-3B9F-40C2-8C7A-CD9590B51315\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B307E9E6-85D2-42C3-9638-75E3499DEEE4\"}]}]}],\"references\":[{\"url\":\"http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4d00135a680727f6c3be78f8befaac009030e4df\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2011/03/25/1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/torvalds/linux/commit/4d00135a680727f6c3be78f8befaac009030e4df\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}" } }
var-201206-0031
Vulnerability from variot
Multiple array index errors in sound/oss/opl3.c in the Linux kernel before 2.6.39 allow local users to cause a denial of service (heap memory corruption) or possibly gain privileges by leveraging write access to /dev/sequencer. The standard search page of Accela BizSearch contains a cross-site scripting vulnerability.By setting up a fraudulent website that exploits an XSS vulnerability of the Accela BizSearch's standard search page (the "targeted website") via the Internet, a remote attacker could execute arbitrary code on the computer of the visitors (the "victims") who have accessed the website. Fujitsu Accela BizSearch has an input validation vulnerability that allows attackers to perform cross-site scripting attacks. The attacker can construct a malicious WEB page, entice the user to parse, obtain sensitive information or hijack the user session. Linux kernel is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. Failed exploit attempts will cause a denial-of-service condition. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The following products are affected: eAccela BizSearch 1.0 eAccela BizSearch 2.0 eAccela BizSearch 2.1 Accela BizSearch 3.0 Accela BizSearch 3.1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Debian Security Advisory DSA-2264-1 security@debian.org http://www.debian.org/security/ dann frazier June 18, 2011 http://www.debian.org/security/faq
Package : linux-2.6 Vulnerability : privilege escalation/denial of service/information leak Problem type : local/remote Debian-specific: no CVE Id(s) : CVE-2010-2524 CVE-2010-3875 CVE-2010-4075 CVE-2010-4655 CVE-2011-0695 CVE-2011-0710 CVE-2011-0711 CVE-2011-0726 CVE-2011-1010 CVE-2011-1012 CVE-2011-1017 CVE-2011-1078 CVE-2011-1079 CVE-2011-1080 CVE-2011-1090 CVE-2011-1093 CVE-2011-1160 CVE-2011-1163 CVE-2011-1170 CVE-2011-1171 CVE-2011-1172 CVE-2011-1173 CVE-2011-1180 CVE-2011-1182 CVE-2011-1477 CVE-2011-1493 CVE-2011-1577 CVE-2011-1593 CVE-2011-1598 CVE-2011-1745 CVE-2011-1746 CVE-2011-1748 CVE-2011-1759 CVE-2011-1767 CVE-2011-1768 CVE-2011-1776 CVE-2011-2022 CVE-2011-2182 Debian Bug : 618485
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2010-2524
David Howells reported an issue in the Common Internet File System (CIFS).
Local users could cause arbitrary CIFS shares to be mounted by introducing
malicious redirects.
CVE-2010-3875
Vasiliy Kulikov discovered an issue in the Linux implementation of the
Amateur Radio AX.25 Level 2 protocol. Local users may obtain access to
sensitive kernel memory.
CVE-2010-4075
Dan Rosenberg reported an issue in the tty layer that may allow local
users to obtain access to sensitive kernel memory.
CVE-2011-0695
Jens Kuehnel reported an issue in the InfiniBand stack. Remote attackers can
exploit a race condition to cause a denial of service (kernel panic).
CVE-2011-0710
Al Viro reported an issue in the /proc/<pid>/status interface on the
s390 architecture. Local users could gain access to sensitive memory
in processes they do not own via the task_show_regs entry.
CVE-2011-0711
Dan Rosenberg reported an issue in the XFS filesystem. Local users may
obtain access to sensitive kernel memory.
CVE-2011-0726
Kees Cook reported an issue in the /proc/pid/stat implementation. Local
users could learn the text location of a process, defeating protections
provided by address space layout randomization (ASLR).
CVE-2011-1010
Timo Warns reported an issue in the Linux support for Mac partition tables.
CVE-2011-1012
Timo Warns reported an issue in the Linux support for Mac partition tables.
CVE-2011-1017
Timo Warns reported an issue in the Linux support for LDM partition tables.
Users with physical access can gain access to sensitive kernel memory or
gain elevated privileges by adding a storage device with a specially
crafted LDM partition.
CVE-2011-1078
Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. Local users
can obtain access to sensitive kernel memory.
CVE-2011-1079
Vasiliy Kulikov discovered an issue in the Bluetooth subsystem.
CVE-2011-1080
Vasiliy Kulikov discovered an issue in the Netfilter subsystem. Local users
can obtain access to sensitive kernel memory.
CVE-2011-1090
Neil Horman discovered a memory leak in the setacl() call on NFSv4
filesystems. Local users can exploit this to cause a denial of service
(Oops).
CVE-2011-1093
Johan Hovold reported an issue in the Datagram Congestion Control Protocol
(DCCP) implementation. Remote users could cause a denial of service by
sending data after closing a socket.
CVE-2011-1160
Peter Huewe reported an issue in the Linux kernel's support for TPM security
chips.
CVE-2011-1163
Timo Warns reported an issue in the kernel support for Alpha OSF format disk
partitions. Users with physical access can gain access to sensitive kernel
memory by adding a storage device with a specially crafted OSF partition.
CVE-2011-1170
Vasiliy Kulikov reported an issue in the Netfilter arp table
implementation.
CVE-2011-1171
Vasiliy Kulikov reported an issue in the Netfilter IP table
implementation.
CVE-2011-1172
Vasiliy Kulikov reported an issue in the Netfilter IP6 table
implementation.
CVE-2011-1173
Vasiliy Kulikov reported an issue in the Acorn Econet protocol
implementation. Local users can obtain access to sensitive kernel memory on
systems that use this rare hardware.
CVE-2011-1180
Dan Rosenberg reported a buffer overflow in the Information Access Service
of the IrDA protocol, used for Infrared devices. Remote attackers within IR
device range can cause a denial of service or possibly gain elevated
privileges.
CVE-2011-1182
Julien Tinnes reported an issue in the rt_sigqueueinfo interface. Local
users can generate signals with falsified source pid and uid information.
CVE-2011-1477
Dan Rosenberg reported issues in the Open Sound System driver for cards that
include a Yamaha FM synthesizer chip. This issue does not affect
official Debian Linux image packages as they no longer provide support for
OSS. However, custom kernels built from Debians linux-source-2.6.32 may
have enabled this configuration and would therefore be vulnerable.
CVE-2011-1493
Dan Rosenburg reported two issues in the Linux implementation of the
Amateur Radio X.25 PLP (Rose) protocol. A remote user can cause a denial of
service by providing specially crafted facilities fields.
CVE-2011-1577
Timo Warns reported an issue in the Linux support for GPT partition tables.
Local users with physical access could cause a denial of service (Oops)
by adding a storage device with a malicious partition table header.
CVE-2011-1593
Robert Swiecki reported a signednes issue in the next_pidmap() function,
which can be exploited my local users to cause a denial of service.
CVE-2011-1598
Dave Jones reported an issue in the Broadcast Manager Controller Area
Network (CAN/BCM) protocol that may allow local users to cause a NULL
pointer dereference, resulting in a denial of service.
CVE-2011-1745
Vasiliy Kulikov reported an issue in the Linux support for AGP devices. On default Debian
installations, this is exploitable only by users in the video group.
CVE-2011-1746
Vasiliy Kulikov reported an issue in the Linux support for AGP devices. On default Debian installations, this is
exploitable only by users in the video group.
CVE-2011-1748
Oliver Kartkopp reported an issue in the Controller Area Network (CAN) raw
socket implementation which permits ocal users to cause a NULL pointer
dereference, resulting in a denial of service.
CVE-2011-1759
Dan Rosenberg reported an issue in the support for executing "old ABI"
binaries on ARM processors. Local users can obtain elevated privileges due
to insufficient bounds checking in the semtimedop system call.
CVE-2011-1767
Alexecy Dobriyan reported an issue in the GRE over IP implementation.
Remote users can cause a denial of service by sending a packet during
module initialization.
CVE-2011-1768
Alexecy Dobriyan reported an issue in the IP tunnels implementation.
Remote users can cause a denial of service by sending a packet during
module initialization.
CVE-2011-1776
Timo Warns reported an issue in the Linux implementation for GUID
partitions. Users with physical access can gain access to sensitive kernel
memory by adding a storage device with a specially crafted corrupted
invalid partition table.
CVE-2011-2022
Vasiliy Kulikov reported an issue in the Linux support for AGP devices. On default Debian
installations, this is exploitable only by users in the video group.
CVE-2011-2182
Ben Hutchings reported an issue with the fix for CVE-2011-1017 (see above)
that made it insufficient to resolve the issue.
For the oldstable distribution (lenny), this problem has been fixed in version 2.6.26-26lenny3. Updates for arm and hppa are not yet available, but will be released as soon as possible.
The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update:
Debian 5.0 (lenny)
user-mode-linux 2.6.26-1um-2+26lenny3
We recommend that you upgrade your linux-2.6 and user-mode-linux packages. These updates will not become active until after your system is rebooted.
Note: Debian carefully tracks all known security issues across every linux kernel package in all releases under active security support. However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource requirements of doing an update, updates for lower priority issues will normally not be released for all kernels at the same time. Rather, they will be released in a staggered or "leap-frog" fashion.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBAgAGBQJN/Uv8AAoJEBv4PF5U/IZAp7QQAJmbSplvSgno69C0IFRzRgGI FS3B6uq5zNcvucQ4O2u5Zj/rPRef/M2Lxj4Vx/9FQ+4SlV/Ryazu3iknLL2iyc8a 3zZBbo6S/OvhK0Prfd88ItCxXviYJchY91qp7Pm5TOkE1rM43XLhDAi1T1W507tY 2rgqUfWkmN0Xq4Ykh3uySsIH6VkLqC5Ay7n5jXapdf3wJkyl1pg/iu0ndTnHaRTC ByQehIMbj4OOivOcy06lS89Aro+KkgPRaA0lp5enegxUZTs5S5AIo7h6v9U078xr bcUcfrOsiTpVuTRND1L7kQQhPjmIv+UlzFjYuGPbHQxfZRVnVIlB4Ny3jIyN1aBx DMqxGR+novsYIuXAZWlsF17UYQXW5CFe+7aeS06bdaWWemJGkV0Mkfb72fwa3uLz sXlLp6fju2N5RQW7WVfjx89X7SAjKmYwQnCMbo0mwdRfujBNgbkm2xCrDy+QIE23 5BnAY18kXpqaRbXPJB0sy8V99Wnl1ZSRRzX0kOZVecrhKAoCUGPJS2X+bDEtIzhB OWzxcC7P94hega5JYzteSZcyBkGRUj4604NCzD38OdPqqWvR3oWtwDRAKIR7gZ/L PRoDZucqfYV+BhXy/ib55qTo/va5gjmnlUFMP2G/TVQk9XQ/q8TxxefmnQc+Qy3A P/Hlaop/HijmZLuNpJB4 =dXCB -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Frost & Sullivan 2011 Report: Secunia Vulnerability Research \"Frost & Sullivan believes that Secunia continues to be a major player in the vulnerability research market due to its diversity of products that provide best-in-class coverage, quality, and usability.\" This is just one of the key factors that influenced Frost & Sullivan to select Secunia over other companies. Read the report here: http://secunia.com/products/corporate/vim/fs_request_2011/
TITLE: Accela / eAccela BizSearch Search Cross-Site Scripting Vulnerability
SECUNIA ADVISORY ID: SA45105
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45105/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45105
RELEASE DATE: 2011-06-29
DISCUSS ADVISORY: http://secunia.com/advisories/45105/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/45105/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=45105
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Accela / eAccela BizSearch, which can be exploited by malicious people to conduct cross-site scripting attacks.
Please see the vendor's advisory for the list of affected versions.
SOLUTION: Contact the vendor for patches.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: Fujitsu (Japanese): http://software.fujitsu.com/jp/security/products-fujitsu/solution/bizsearch201103.html
JVN (English): http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-002807.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
.
Software Description: - linux-ti-omap4: Linux kernel for OMAP4
Details:
Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel's handling of IPv4 icmp packets. (CVE-2010-4250)
An error was discovered in the kernel's handling of CUSE (Character device in Userspace). (CVE-2010-4650)
A flaw was found in the kernel's Integrity Measurement Architecture (IMA). Changes made by an attacker might not be discovered by IMA, if SELinux was disabled, and a new IMA rule was loaded. (CVE-2011-0006)
A flaw was found in the Linux Ethernet bridge's handling of IGMP (Internet Group Management Protocol) packets. (CVE-2011-1759)
Ben Hutchings reported a flaw in the kernel's handling of corrupt LDM partitions. (CVE-2011-2182)
A flaw was discovered in the Linux kernel's AppArmor security interface when invalid information was written to it. (CVE-2011-3619)
It was discovered that some import kernel threads can be blocked by a user level process. (CVE-2012-0038)
Chen Haogang discovered an integer overflow that could result in memory corruption. A local unprivileged user could use this to crash the system. (CVE-2012-0044)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 10.10: linux-image-2.6.35-903-omap4 2.6.35-903.32
After a standard system update you need to reboot your computer to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1394-1 CVE-2010-4250, CVE-2010-4650, CVE-2011-0006, CVE-2011-0716, CVE-2011-1476, CVE-2011-1477, CVE-2011-1759, CVE-2011-1927, CVE-2011-2182, CVE-2011-3619, CVE-2011-4621, CVE-2012-0038, CVE-2012-0044
Package Information: https://launchpad.net/ubuntu/+source/linux-ti-omap4/2.6.35-903.32 .
CVE-2011-1016
Marek Olšák discovered an issue in the driver for ATI/AMD Radeon video
chips.
This update also includes changes queued for the next point release of Debian 6.0, which also fix various non-security issues. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201206-0031", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "kernel", "scope": "lte", "trust": 1.0, "vendor": "linux", "version": "2.6.38.8" }, { "model": "linux enterprise desktop", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "10" }, { "model": "accela bizsearch", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "3.1/3.0" }, { "model": "bizsearch", "scope": "eq", "trust": 0.8, "vendor": "accela", "version": "enterprise edition v3.0l10" }, { "model": "bizsearch", "scope": "eq", "trust": 0.8, "vendor": "accela", "version": "enterprise edition v3.0l10a" }, { "model": "bizsearch", "scope": "eq", "trust": 0.8, "vendor": "accela", "version": "enterprise edition v3.0l12" }, { "model": "bizsearch", "scope": "eq", "trust": 0.8, "vendor": "accela", "version": "enterprise edition v3.1l10" }, { "model": "bizsearch", "scope": "eq", "trust": 0.8, "vendor": "accela", "version": "enterprise edition v3.2l10v" }, { "model": "bizsearch", "scope": "eq", "trust": 0.8, "vendor": "accela", "version": "standard edition v3.0l10" }, { "model": "bizsearch", "scope": "eq", "trust": 0.8, "vendor": "accela", "version": "standard edition v3.0l10a" }, { "model": "bizsearch", "scope": "eq", "trust": 0.8, "vendor": "accela", "version": "standard edition v3.0l12" }, { "model": "bizsearch", "scope": "eq", "trust": 0.8, "vendor": "accela", "version": "standard edition v3.1l10" }, { "model": "bizsearch", "scope": "eq", "trust": 0.8, "vendor": "accela", "version": "standard edition v3.2l10" }, { "model": "bizsearch", "scope": "eq", "trust": 0.8, "vendor": "accela", "version": "workgroup edition v3.0l10" }, { "model": "bizsearch", "scope": "eq", "trust": 0.8, "vendor": "accela", "version": "workgroup edition v3.0l10a" }, { "model": "bizsearch", "scope": "eq", "trust": 0.8, "vendor": "accela", "version": "workgroup edition v3.0l12" }, { "model": "bizsearch", "scope": "eq", "trust": 0.8, "vendor": "accela", "version": "workgroup edition v3.1l10" }, { "model": "bizsearch", "scope": "eq", "trust": 0.8, "vendor": "accela", "version": "workgroup edition v3.2l10" }, { "model": "eaccela bizsearch", "scope": "eq", "trust": 0.8, "vendor": "accela", "version": "enterprise edition v1.0" }, { "model": "eaccela bizsearch", "scope": "eq", "trust": 0.8, "vendor": "accela", "version": "enterprise edition v2.0" }, { "model": "eaccela bizsearch", "scope": "eq", "trust": 0.8, "vendor": "accela", "version": "enterprise edition v2.0a" }, { "model": "eaccela bizsearch", "scope": "eq", "trust": 0.8, "vendor": "accela", "version": "enterprise edition v2.1" }, { "model": "eaccela bizsearch", "scope": "eq", "trust": 0.8, "vendor": "accela", "version": "enterprise edition v2.1l12" }, { "model": "eaccela bizsearch", "scope": "eq", "trust": 0.8, "vendor": "accela", "version": "standard edition v1.0" }, { "model": "eaccela bizsearch", "scope": "eq", "trust": 0.8, "vendor": "accela", "version": "standard edition v2.0" }, { "model": "eaccela bizsearch", "scope": "eq", "trust": 0.8, "vendor": "accela", "version": "standard edition v2.0a" }, { "model": "eaccela bizsearch", "scope": "eq", "trust": 0.8, "vendor": "accela", "version": "standard edition v2.1" }, { "model": "eaccela bizsearch", "scope": "eq", "trust": 0.8, "vendor": "accela", "version": "standard edition v2.1a" }, { "model": "eaccela bizsearch", "scope": "eq", "trust": 0.8, "vendor": "accela", "version": "standard edition v2.1l12" }, { "model": "eaccela bizsearch", "scope": "eq", "trust": 0.8, "vendor": "accela", "version": "workgroup edition v1.0" }, { "model": "eaccela bizsearch", "scope": "eq", "trust": 0.8, "vendor": "accela", "version": "workgroup edition v2.0" }, { "model": "eaccela bizsearch", "scope": "eq", "trust": 0.8, "vendor": "accela", "version": "workgroup edition v2.0a" }, { "model": "eaccela bizsearch", "scope": "eq", "trust": 0.8, "vendor": "accela", "version": "workgroup edition v2.1" }, { "model": "eaccela bizsearch", "scope": "eq", "trust": 0.8, "vendor": "accela", "version": "workgroup edition v2.1a" }, { "model": "eaccela bizsearch", "scope": "eq", "trust": 0.8, "vendor": "accela", "version": "workgroup edition v2.1l12" }, { "model": "kernel", "scope": "lt", "trust": 0.8, "vendor": "linux", "version": "2.6.39" }, { "model": "eaccela bizsearch", "scope": "eq", "trust": 0.6, "vendor": "fujitsu", "version": "2.1/2.0/1.0" }, { "model": "kernel", "scope": "eq", "trust": 0.6, "vendor": "linux", "version": "2.6.38.8" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.17.7" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.12" }, { "model": "linux armel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.2" }, { "model": "kernel 2.6.33-rc4", "scope": null, "trust": 0.3, "vendor": "linux", "version": null }, { "model": "linux hppa", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "kernel 2.6.33-rc7", "scope": null, "trust": 0.3, "vendor": "linux", "version": null }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.18.7" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.11.10" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.17.13" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.34.2" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.14.2" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.15.3" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.8" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.14.6" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.32.15" }, { "model": "kernel 2.6.36-rc8", "scope": null, "trust": 0.3, "vendor": "linux", "version": null }, { "model": "kernel 2.6.35-rc5", "scope": null, "trust": 0.3, "vendor": "linux", "version": null }, { "model": "linux enterprise high availability extension sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.3" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.14.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.32.5" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.32.16" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.36" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.13.3" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.13.1" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.34" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.23.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.12.2" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.17.9" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.17.11" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.5" }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.23.7" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.11.2" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.16.8" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.12.5" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.32.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.15.5" }, { "model": "kernel -rc5", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.24" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.18.6" }, { "model": "kernel 2.6.33-rc6-git5", "scope": null, "trust": 0.3, "vendor": "linux", "version": null }, { "model": "kernel 2.6.36-rc6", "scope": null, "trust": 0.3, "vendor": "linux", "version": null }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.33.1" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.18.2" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.15.2" }, { "model": "linux enterprise sdk sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.34.1" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.17" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.13.2" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.16.6" }, { "model": "kernel 2.6.34-rc6", "scope": null, "trust": 0.3, "vendor": "linux", "version": null }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.11.5" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.11.9" }, { "model": "kernel 2.6.34-rc2", "scope": null, "trust": 0.3, "vendor": "linux", "version": null }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.32.2" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.35" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.17.5" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.11" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.32.1" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.17.3" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.11.8" }, { "model": "linux lts sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.17.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.32.13" }, { "model": "kernel 2.6.36-rc4", "scope": null, "trust": 0.3, "vendor": "linux", "version": null }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.17.2" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.14.3" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.32.18" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.32.11" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.22" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.17.8" }, { "model": "kernel 2.6.35-rc1", "scope": null, "trust": 0.3, "vendor": "linux", "version": null }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.18.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.23.6" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.16.5" }, { "model": "kernel 2.6.35-rc5-git5", "scope": null, "trust": 0.3, "vendor": "linux", "version": null }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.11.3" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.15.4" }, { "model": "kernel 2.6.36-rc5", "scope": null, "trust": 0.3, "vendor": "linux", "version": null }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.17.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.22.7" }, { "model": "linux enterprise server sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "kernel rc3", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.24" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.11.12" }, { "model": "kernel 2.6.34-rc1", "scope": null, "trust": 0.3, "vendor": "linux", "version": null }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.35.1" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.11.6" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.32.10" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.18.8" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.13.5" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.4" }, { "model": "kernel 2.6.24-rc1", "scope": null, "trust": 0.3, "vendor": "linux", "version": null }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.12.1" }, { "model": "enterprise mrg for red hat enterprise linux version", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "v15" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.14.5" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.15.6" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.17.10" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.11.11" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.32.3" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.9" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.15" }, { "model": "linux alpha", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.18.1" }, { "model": "linux enterprise server sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux lts lpia", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.11.1" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.12.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.6" }, { "model": "kernel 2.6.33-rc6", "scope": null, "trust": 0.3, "vendor": "linux", "version": null }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.22.2" }, { "model": "kernel rc2", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.24" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.7" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.10" }, { "model": "kernel -rc4", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.24" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.17.6" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.13" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.3" }, { "model": "kernel 2.6.34-rc5", "scope": null, "trust": 0.3, "vendor": "linux", "version": null }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.32.14" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.14.7" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.11.7" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.35.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.32" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.33.7" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.15.7" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.22.3" }, { "model": "kernel 2.6.36-rc1", "scope": null, "trust": 0.3, "vendor": "linux", "version": null }, { "model": "linux enterprise sdk sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.32.9" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.32.7" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.11.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.8.1" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.15.1" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.16.7" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "kernel 2.6.35-rc4", "scope": null, "trust": 0.3, "vendor": "linux", "version": null }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.17.14" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.32.8" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.33" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.23" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.23.3" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.14.1" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.14" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.32.6" }, { "model": "kernel 2.6.33-rc8", "scope": null, "trust": 0.3, "vendor": "linux", "version": null }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.32.17" }, { "model": "linux enterprise desktop sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.32.12" }, { "model": "linux enterprise real time sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "kernel 2.6.35-rc6", "scope": null, "trust": 0.3, "vendor": "linux", "version": null }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.27.51" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.0" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.22.4" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.2" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.22.5" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.18.5" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.18.3" }, { "model": "kernel 2.6.34-rc4", "scope": null, "trust": 0.3, "vendor": "linux", "version": null }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux mipsel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "kernel 2.6.33-rc5", "scope": null, "trust": 0.3, "vendor": "linux", "version": null }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.12.3" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.12.6" }, { "model": "kernel rc2", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.23" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.35.5" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.13.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.23.2" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.34.3" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.17.12" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.16.9" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.22.6" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.23.1" }, { "model": "linux m68k", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.23.5" }, { "model": "kernel 2.6.34-rc2-git1", "scope": null, "trust": 0.3, "vendor": "linux", "version": null }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.16.4" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "eaccela bizsearch", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "2.1" }, { "model": "eaccela bizsearch", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "2.0" }, { "model": "eaccela bizsearch", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "1.0" }, { "model": "accela bizsearch", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "3.1" }, { "model": "accela bizsearch", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "3.0" }, { "model": "eaccela bizsearch", "scope": "eq", "trust": 0.2, "vendor": "fujitsu", "version": "2.1/2.0/1.0*" } ], "sources": [ { "db": "IVD", "id": "1edccd3a-1f91-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2011-2492" }, { "db": "BID", "id": "47009" }, { "db": "BID", "id": "48497" }, { "db": "JVNDB", "id": "JVNDB-2010-002807" }, { "db": "JVNDB", "id": "JVNDB-2012-002832" }, { "db": "NVD", "id": "CVE-2011-1477" }, { "db": "CNNVD", "id": "CNNVD-201106-382" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.6.38.8", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2011-1477" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Dan Rosenberg", "sources": [ { "db": "BID", "id": "47009" } ], "trust": 0.3 }, "cve": "CVE-2011-1477", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "IPA", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2010-002807", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.6, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2011-1477", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": null, "accessVector": null, "authentication": null, "author": "IVD", "availabilityImpact": null, "baseScore": null, "confidentialityImpact": null, "exploitabilityScore": null, "id": "1edccd3a-1f91-11e6-abef-000c29c66e3d", "impactScore": null, "integrityImpact": null, "severity": null, "trust": 0.2, "vectorString": null, "version": "unknown" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2011-1477", "trust": 1.0, "value": "HIGH" }, { "author": "IPA", "id": "JVNDB-2010-002807", "trust": 0.8, "value": "Medium" }, { "author": "NVD", "id": "CVE-2011-1477", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201106-382", "trust": 0.6, "value": "LOW" }, { "author": "IVD", "id": "1edccd3a-1f91-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "1edccd3a-1f91-11e6-abef-000c29c66e3d" }, { "db": "JVNDB", "id": "JVNDB-2010-002807" }, { "db": "JVNDB", "id": "JVNDB-2012-002832" }, { "db": "NVD", "id": "CVE-2011-1477" }, { "db": "CNNVD", "id": "CNNVD-201106-382" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple array index errors in sound/oss/opl3.c in the Linux kernel before 2.6.39 allow local users to cause a denial of service (heap memory corruption) or possibly gain privileges by leveraging write access to /dev/sequencer. The standard search page of Accela BizSearch contains a cross-site scripting vulnerability.By setting up a fraudulent website that exploits an XSS vulnerability of the Accela BizSearch\u0027s standard search page (the \"targeted website\") via the Internet, a remote attacker could execute arbitrary code on the computer of the visitors (the \"victims\") who have accessed the website. Fujitsu Accela BizSearch has an input validation vulnerability that allows attackers to perform cross-site scripting attacks. The attacker can construct a malicious WEB page, entice the user to parse, obtain sensitive information or hijack the user session. Linux kernel is prone to a local privilege-escalation vulnerability. \nLocal attackers can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. Failed exploit attempts will cause a denial-of-service condition. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. \nThe following products are affected:\neAccela BizSearch 1.0\neAccela BizSearch 2.0\neAccela BizSearch 2.1\nAccela BizSearch 3.0\nAccela BizSearch 3.1. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2264-1 security@debian.org\nhttp://www.debian.org/security/ dann frazier\nJune 18, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux-2.6\nVulnerability : privilege escalation/denial of service/information leak\nProblem type : local/remote\nDebian-specific: no\nCVE Id(s) : CVE-2010-2524 CVE-2010-3875 CVE-2010-4075 CVE-2010-4655 \n CVE-2011-0695 CVE-2011-0710 CVE-2011-0711 CVE-2011-0726\n CVE-2011-1010 CVE-2011-1012 CVE-2011-1017 CVE-2011-1078 \n CVE-2011-1079 CVE-2011-1080 CVE-2011-1090 CVE-2011-1093 \n CVE-2011-1160 CVE-2011-1163 CVE-2011-1170 CVE-2011-1171\n CVE-2011-1172 CVE-2011-1173 CVE-2011-1180 CVE-2011-1182\n CVE-2011-1477 CVE-2011-1493 CVE-2011-1577 CVE-2011-1593\n CVE-2011-1598 CVE-2011-1745 CVE-2011-1746 CVE-2011-1748\n CVE-2011-1759 CVE-2011-1767 CVE-2011-1768 CVE-2011-1776\n CVE-2011-2022 CVE-2011-2182\nDebian Bug : 618485\n\nSeveral vulnerabilities have been discovered in the Linux kernel that may lead\nto a privilege escalation, denial of service or information leak. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2010-2524\n\n David Howells reported an issue in the Common Internet File System (CIFS). \n Local users could cause arbitrary CIFS shares to be mounted by introducing\n malicious redirects. \n\nCVE-2010-3875\n\n Vasiliy Kulikov discovered an issue in the Linux implementation of the\n Amateur Radio AX.25 Level 2 protocol. Local users may obtain access to\n sensitive kernel memory. \n\nCVE-2010-4075\n\n Dan Rosenberg reported an issue in the tty layer that may allow local\n users to obtain access to sensitive kernel memory. \n \nCVE-2011-0695\n\n Jens Kuehnel reported an issue in the InfiniBand stack. Remote attackers can\n exploit a race condition to cause a denial of service (kernel panic). \n\nCVE-2011-0710\n\n Al Viro reported an issue in the /proc/\u003cpid\u003e/status interface on the\n s390 architecture. Local users could gain access to sensitive memory\n in processes they do not own via the task_show_regs entry. \n\nCVE-2011-0711\n\n Dan Rosenberg reported an issue in the XFS filesystem. Local users may\n obtain access to sensitive kernel memory. \n\nCVE-2011-0726\n\n Kees Cook reported an issue in the /proc/pid/stat implementation. Local\n users could learn the text location of a process, defeating protections\n provided by address space layout randomization (ASLR). \n\nCVE-2011-1010\n\n Timo Warns reported an issue in the Linux support for Mac partition tables. \n \nCVE-2011-1012\n\n Timo Warns reported an issue in the Linux support for Mac partition tables. \n \nCVE-2011-1017\n \n Timo Warns reported an issue in the Linux support for LDM partition tables. \n Users with physical access can gain access to sensitive kernel memory or\n gain elevated privileges by adding a storage device with a specially\n crafted LDM partition. \n\nCVE-2011-1078\n\n Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. Local users\n can obtain access to sensitive kernel memory. \n\nCVE-2011-1079\n\n Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. \n \nCVE-2011-1080\n\n Vasiliy Kulikov discovered an issue in the Netfilter subsystem. Local users\n can obtain access to sensitive kernel memory. \n\nCVE-2011-1090\n\n Neil Horman discovered a memory leak in the setacl() call on NFSv4\n filesystems. Local users can exploit this to cause a denial of service\n (Oops). \n\nCVE-2011-1093\n\n Johan Hovold reported an issue in the Datagram Congestion Control Protocol\n (DCCP) implementation. Remote users could cause a denial of service by\n sending data after closing a socket. \n\nCVE-2011-1160\n\n Peter Huewe reported an issue in the Linux kernel\u0027s support for TPM security\n chips. \n\nCVE-2011-1163\n\n Timo Warns reported an issue in the kernel support for Alpha OSF format disk\n partitions. Users with physical access can gain access to sensitive kernel\n memory by adding a storage device with a specially crafted OSF partition. \n\nCVE-2011-1170\n\n Vasiliy Kulikov reported an issue in the Netfilter arp table\n implementation. \n\nCVE-2011-1171\n\n Vasiliy Kulikov reported an issue in the Netfilter IP table\n implementation. \n \nCVE-2011-1172\n\n Vasiliy Kulikov reported an issue in the Netfilter IP6 table\n implementation. \n \nCVE-2011-1173\n\n Vasiliy Kulikov reported an issue in the Acorn Econet protocol\n implementation. Local users can obtain access to sensitive kernel memory on\n systems that use this rare hardware. \n\nCVE-2011-1180\n\n Dan Rosenberg reported a buffer overflow in the Information Access Service\n of the IrDA protocol, used for Infrared devices. Remote attackers within IR\n device range can cause a denial of service or possibly gain elevated\n privileges. \n\nCVE-2011-1182\n\n Julien Tinnes reported an issue in the rt_sigqueueinfo interface. Local\n users can generate signals with falsified source pid and uid information. \n\nCVE-2011-1477\n\n Dan Rosenberg reported issues in the Open Sound System driver for cards that\n include a Yamaha FM synthesizer chip. This issue does not affect\n official Debian Linux image packages as they no longer provide support for\n OSS. However, custom kernels built from Debians linux-source-2.6.32 may\n have enabled this configuration and would therefore be vulnerable. \n\nCVE-2011-1493\n\n Dan Rosenburg reported two issues in the Linux implementation of the\n Amateur Radio X.25 PLP (Rose) protocol. A remote user can cause a denial of\n service by providing specially crafted facilities fields. \n\nCVE-2011-1577\n\n Timo Warns reported an issue in the Linux support for GPT partition tables. \n Local users with physical access could cause a denial of service (Oops)\n by adding a storage device with a malicious partition table header. \n\nCVE-2011-1593\n\n Robert Swiecki reported a signednes issue in the next_pidmap() function,\n which can be exploited my local users to cause a denial of service. \n\nCVE-2011-1598\n\n Dave Jones reported an issue in the Broadcast Manager Controller Area\n Network (CAN/BCM) protocol that may allow local users to cause a NULL\n pointer dereference, resulting in a denial of service. \n\nCVE-2011-1745\n\n Vasiliy Kulikov reported an issue in the Linux support for AGP devices. On default Debian\n installations, this is exploitable only by users in the video group. \n\nCVE-2011-1746\n\n Vasiliy Kulikov reported an issue in the Linux support for AGP devices. On default Debian installations, this is\n exploitable only by users in the video group. \n\nCVE-2011-1748\n\n Oliver Kartkopp reported an issue in the Controller Area Network (CAN) raw\n socket implementation which permits ocal users to cause a NULL pointer\n dereference, resulting in a denial of service. \n \nCVE-2011-1759\n\n Dan Rosenberg reported an issue in the support for executing \"old ABI\"\n binaries on ARM processors. Local users can obtain elevated privileges due\n to insufficient bounds checking in the semtimedop system call. \n\nCVE-2011-1767\n\n Alexecy Dobriyan reported an issue in the GRE over IP implementation. \n Remote users can cause a denial of service by sending a packet during\n module initialization. \n\nCVE-2011-1768\n\n Alexecy Dobriyan reported an issue in the IP tunnels implementation. \n Remote users can cause a denial of service by sending a packet during\n module initialization. \n\nCVE-2011-1776\n\n Timo Warns reported an issue in the Linux implementation for GUID\n partitions. Users with physical access can gain access to sensitive kernel\n memory by adding a storage device with a specially crafted corrupted\n invalid partition table. \n\nCVE-2011-2022\n\n Vasiliy Kulikov reported an issue in the Linux support for AGP devices. On default Debian\n installations, this is exploitable only by users in the video group. \n\nCVE-2011-2182\n\n Ben Hutchings reported an issue with the fix for CVE-2011-1017 (see above)\n that made it insufficient to resolve the issue. \n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.6.26-26lenny3. Updates for arm and hppa are not yet available,\nbut will be released as soon as possible. \n\nThe following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:\n\n Debian 5.0 (lenny)\n user-mode-linux 2.6.26-1um-2+26lenny3\n\nWe recommend that you upgrade your linux-2.6 and user-mode-linux packages. \nThese updates will not become active until after your system is rebooted. \n\nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support. \nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or \"leap-frog\" fashion. \n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niQIcBAEBAgAGBQJN/Uv8AAoJEBv4PF5U/IZAp7QQAJmbSplvSgno69C0IFRzRgGI\nFS3B6uq5zNcvucQ4O2u5Zj/rPRef/M2Lxj4Vx/9FQ+4SlV/Ryazu3iknLL2iyc8a\n3zZBbo6S/OvhK0Prfd88ItCxXviYJchY91qp7Pm5TOkE1rM43XLhDAi1T1W507tY\n2rgqUfWkmN0Xq4Ykh3uySsIH6VkLqC5Ay7n5jXapdf3wJkyl1pg/iu0ndTnHaRTC\nByQehIMbj4OOivOcy06lS89Aro+KkgPRaA0lp5enegxUZTs5S5AIo7h6v9U078xr\nbcUcfrOsiTpVuTRND1L7kQQhPjmIv+UlzFjYuGPbHQxfZRVnVIlB4Ny3jIyN1aBx\nDMqxGR+novsYIuXAZWlsF17UYQXW5CFe+7aeS06bdaWWemJGkV0Mkfb72fwa3uLz\nsXlLp6fju2N5RQW7WVfjx89X7SAjKmYwQnCMbo0mwdRfujBNgbkm2xCrDy+QIE23\n5BnAY18kXpqaRbXPJB0sy8V99Wnl1ZSRRzX0kOZVecrhKAoCUGPJS2X+bDEtIzhB\nOWzxcC7P94hega5JYzteSZcyBkGRUj4604NCzD38OdPqqWvR3oWtwDRAKIR7gZ/L\nPRoDZucqfYV+BhXy/ib55qTo/va5gjmnlUFMP2G/TVQk9XQ/q8TxxefmnQc+Qy3A\nP/Hlaop/HijmZLuNpJB4\n=dXCB\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\n\nFrost \u0026 Sullivan 2011 Report: Secunia Vulnerability Research\n\\\"Frost \u0026 Sullivan believes that Secunia continues to be a major player in the vulnerability research market due to its diversity of products that provide best-in-class coverage, quality, and usability.\\\" This is just one of the key factors that influenced Frost \u0026 Sullivan to select Secunia over other companies. \nRead the report here:\nhttp://secunia.com/products/corporate/vim/fs_request_2011/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nAccela / eAccela BizSearch Search Cross-Site Scripting Vulnerability\n\nSECUNIA ADVISORY ID:\nSA45105\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/45105/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45105\n\nRELEASE DATE:\n2011-06-29\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/45105/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/45105/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45105\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Accela / eAccela BizSearch,\nwhich can be exploited by malicious people to conduct cross-site\nscripting attacks. \n\nPlease see the vendor\u0027s advisory for the list of affected versions. \n\nSOLUTION:\nContact the vendor for patches. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nFujitsu (Japanese):\nhttp://software.fujitsu.com/jp/security/products-fujitsu/solution/bizsearch201103.html\n\nJVN (English):\nhttp://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-002807.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nSoftware Description:\n- linux-ti-omap4: Linux kernel for OMAP4\n\nDetails:\n\nAristide Fattori and Roberto Paleari reported a flaw in the Linux kernel\u0027s\nhandling of IPv4 icmp packets. \n(CVE-2010-4250)\n\nAn error was discovered in the kernel\u0027s handling of CUSE (Character device\nin Userspace). (CVE-2010-4650)\n\nA flaw was found in the kernel\u0027s Integrity Measurement Architecture (IMA). \nChanges made by an attacker might not be discovered by IMA, if SELinux was\ndisabled, and a new IMA rule was loaded. (CVE-2011-0006)\n\nA flaw was found in the Linux Ethernet bridge\u0027s handling of IGMP (Internet\nGroup Management Protocol) packets. (CVE-2011-1759)\n\nBen Hutchings reported a flaw in the kernel\u0027s handling of corrupt LDM\npartitions. (CVE-2011-2182)\n\nA flaw was discovered in the Linux kernel\u0027s AppArmor security interface\nwhen invalid information was written to it. (CVE-2011-3619)\n\nIt was discovered that some import kernel threads can be blocked by a user\nlevel process. (CVE-2012-0038)\n\nChen Haogang discovered an integer overflow that could result in memory\ncorruption. A local unprivileged user could use this to crash the system. \n(CVE-2012-0044)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 10.10:\n linux-image-2.6.35-903-omap4 2.6.35-903.32\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-1394-1\n CVE-2010-4250, CVE-2010-4650, CVE-2011-0006, CVE-2011-0716,\n CVE-2011-1476, CVE-2011-1477, CVE-2011-1759, CVE-2011-1927,\n CVE-2011-2182, CVE-2011-3619, CVE-2011-4621, CVE-2012-0038,\n CVE-2012-0044\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/linux-ti-omap4/2.6.35-903.32\n. \n\nCVE-2011-1016\n\n Marek Ol\u0161\u00e1k discovered an issue in the driver for ATI/AMD Radeon video\n chips. \n\nThis update also includes changes queued for the next point release of\nDebian 6.0, which also fix various non-security issues. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. If\nyou use linux-restricted-modules, you have to update that package as\nwell to get modules which work with the new kernel version. Unless you\nmanually uninstalled the standard kernel metapackages (e.g. linux-generic,\nlinux-server, linux-powerpc), a standard system upgrade will automatically\nperform this as well", "sources": [ { "db": "NVD", "id": "CVE-2011-1477" }, { "db": "JVNDB", "id": "JVNDB-2010-002807" }, { "db": "JVNDB", "id": "JVNDB-2012-002832" }, { "db": "CNVD", "id": "CNVD-2011-2492" }, { "db": "BID", "id": "47009" }, { "db": "BID", "id": "48497" }, { "db": "IVD", "id": "1edccd3a-1f91-11e6-abef-000c29c66e3d" }, { "db": "PACKETSTORM", "id": "102430" }, { "db": "PACKETSTORM", "id": "102644" }, { "db": "PACKETSTORM", "id": "110534" }, { "db": "PACKETSTORM", "id": "101680" }, { "db": "PACKETSTORM", "id": "110495" } ], "trust": 4.05 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-1477", "trust": 3.1 }, { "db": "JVNDB", "id": "JVNDB-2010-002807", "trust": 1.8 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2011/03/25/1", "trust": 1.6 }, { "db": "BID", "id": "48497", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2011-2492", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2012-002832", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201106-382", "trust": 0.6 }, { "db": "BID", "id": "47009", "trust": 0.3 }, { "db": "IVD", "id": "1EDCCD3A-1F91-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "SECUNIA", "id": "45105", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "102430", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "102644", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "110534", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101680", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "110495", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "1edccd3a-1f91-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2011-2492" }, { "db": "BID", "id": "47009" }, { "db": "BID", "id": "48497" }, { "db": "JVNDB", "id": "JVNDB-2010-002807" }, { "db": "JVNDB", "id": "JVNDB-2012-002832" }, { "db": "PACKETSTORM", "id": "102430" }, { "db": "PACKETSTORM", "id": "102644" }, { "db": "PACKETSTORM", "id": "110534" }, { "db": "PACKETSTORM", "id": "101680" }, { "db": "PACKETSTORM", "id": "110495" }, { "db": "NVD", "id": "CVE-2011-1477" }, { "db": "CNNVD", "id": "CNNVD-201106-382" } ] }, "id": "VAR-201206-0031", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "1edccd3a-1f91-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2011-2492" } ], "trust": 1.1666666700000001 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "1edccd3a-1f91-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2011-2492" } ] }, "last_update_date": "2023-12-19T22:09:11.160000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.accelatech.com" }, { "title": "bizsearch201103", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/bizsearch201103.html" }, { "title": "ChangeLog-2.6.39", "trust": 0.8, "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/changelog-2.6.39" }, { "title": "sound/oss/opl3: validate voice and channel indexes", "trust": 0.8, "url": "https://github.com/torvalds/linux/commit/4d00135a680727f6c3be78f8befaac009030e4df" }, { "title": "linux/kernel/git/torvalds/linux-2.6.git / commit", "trust": 0.8, "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4d00135a680727f6c3be78f8befaac009030e4df" }, { "title": "Linux Kernel Archives", "trust": 0.8, "url": "http://www.kernel.org" }, { "title": "Fujitsu Accela BizSearch patch for unclear cross-site scripting vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/4290" }, { "title": "linux-3.4.4", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=43488" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2011-2492" }, { "db": "JVNDB", "id": "JVNDB-2010-002807" }, { "db": "JVNDB", "id": "JVNDB-2012-002832" }, { "db": "CNNVD", "id": "CNNVD-201106-382" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.0 }, { "problemtype": "CWE-264", "trust": 1.0 }, { "problemtype": "CWE-79", "trust": 0.8 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2010-002807" }, { "db": "JVNDB", "id": "JVNDB-2012-002832" }, { "db": "NVD", "id": "CVE-2011-1477" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/changelog-2.6.39" }, { "trust": 1.6, "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3ba=commit%3bh=4d00135a680727f6c3be78f8befaac009030e4df" }, { "trust": 1.6, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html" }, { "trust": 1.6, "url": "http://www.openwall.com/lists/oss-security/2011/03/25/1" }, { "trust": 1.6, "url": "https://github.com/torvalds/linux/commit/4d00135a680727f6c3be78f8befaac009030e4df" }, { "trust": 1.0, "url": "http://jvndb.jvn.jp/en/contents/2010/jvndb-2010-002807.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1477" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1477" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1477" }, { "trust": 0.3, "url": "http://www.linux.org/" }, { "trust": 0.3, "url": "http://marc.info/?l=linux-kernel\u0026m=130089499728386\u0026w=2" }, { "trust": 0.3, "url": "http://permalink.gmane.org/gmane.comp.security.oss.general/4609" }, { "trust": 0.3, "url": "http://www.fujitsu.com/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1476" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0711" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1172" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0726" }, { "trust": 0.2, "url": "http://www.debian.org/security/faq" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1593" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1163" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1182" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1090" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1173" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1170" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1078" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1493" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1080" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1160" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0695" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3875" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1171" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1079" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1180" }, { "trust": 0.2, "url": "http://www.debian.org/security/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2182" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4075" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0710" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1577" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1010" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4655" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1017" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1093" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2524" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1012" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/fs_request_2011/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/45105/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/45105/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45105" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/bizsearch201103.html" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4650" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1927" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-1394-1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0716" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3619" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0044" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0038" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0006" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4250" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4621" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1759" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-ti-omap4/2.6.35-903.32" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1598" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1585" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1745" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1495" }, { "trust": 0.1, "url": "http://packages.debian.org/changelogs/pool/main/l/linux-2.6/linux-2.6_2.6.32-34/changelog" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1494" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1478" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1016" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1746" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux/2.6.24-31.99" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4324" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0028" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-1390-1" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2011-2492" }, { "db": "BID", "id": "47009" }, { "db": "BID", "id": "48497" }, { "db": "JVNDB", "id": "JVNDB-2012-002832" }, { "db": "PACKETSTORM", "id": "102430" }, { "db": "PACKETSTORM", "id": "102644" }, { "db": "PACKETSTORM", "id": "110534" }, { "db": "PACKETSTORM", "id": "101680" }, { "db": "PACKETSTORM", "id": "110495" }, { "db": "NVD", "id": "CVE-2011-1477" }, { "db": "CNNVD", "id": "CNNVD-201106-382" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "1edccd3a-1f91-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2011-2492" }, { "db": "BID", "id": "47009" }, { "db": "BID", "id": "48497" }, { "db": "JVNDB", "id": "JVNDB-2010-002807" }, { "db": "JVNDB", "id": "JVNDB-2012-002832" }, { "db": "PACKETSTORM", "id": "102430" }, { "db": "PACKETSTORM", "id": "102644" }, { "db": "PACKETSTORM", "id": "110534" }, { "db": "PACKETSTORM", "id": "101680" }, { "db": "PACKETSTORM", "id": "110495" }, { "db": "NVD", "id": "CVE-2011-1477" }, { "db": "CNNVD", "id": "CNNVD-201106-382" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-06-30T00:00:00", "db": "IVD", "id": "1edccd3a-1f91-11e6-abef-000c29c66e3d" }, { "date": "2011-06-30T00:00:00", "db": "CNVD", "id": "CNVD-2011-2492" }, { "date": "2011-03-23T00:00:00", "db": "BID", "id": "47009" }, { "date": "2011-06-29T00:00:00", "db": "BID", "id": "48497" }, { "date": "2011-06-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002807" }, { "date": "2012-06-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-002832" }, { "date": "2011-06-19T20:36:32", "db": "PACKETSTORM", "id": "102430" }, { "date": "2011-06-29T09:00:20", "db": "PACKETSTORM", "id": "102644" }, { "date": "2012-03-07T23:14:40", "db": "PACKETSTORM", "id": "110534" }, { "date": "2011-05-25T14:08:37", "db": "PACKETSTORM", "id": "101680" }, { "date": "2012-03-07T00:01:40", "db": "PACKETSTORM", "id": "110495" }, { "date": "2012-06-21T23:55:02.240000", "db": "NVD", "id": "CVE-2011-1477" }, { "date": "1900-01-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201106-382" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-06-30T00:00:00", "db": "CNVD", "id": "CNVD-2011-2492" }, { "date": "2015-03-19T08:31:00", "db": "BID", "id": "47009" }, { "date": "2011-06-29T00:00:00", "db": "BID", "id": "48497" }, { "date": "2011-06-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2010-002807" }, { "date": "2012-06-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-002832" }, { "date": "2023-02-13T01:19:10.960000", "db": "NVD", "id": "CVE-2011-1477" }, { "date": "2023-02-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201106-382" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "47009" }, { "db": "PACKETSTORM", "id": "110495" }, { "db": "CNNVD", "id": "CNNVD-201106-382" } ], "trust": 1.0 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fujitsu Accela BizSearch Unknown Cross-Site Scripting Vulnerability", "sources": [ { "db": "IVD", "id": "1edccd3a-1f91-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2011-2492" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201106-382" } ], "trust": 0.6 } }
gsd-2011-1477
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2011-1477", "description": "Multiple array index errors in sound/oss/opl3.c in the Linux kernel before 2.6.39 allow local users to cause a denial of service (heap memory corruption) or possibly gain privileges by leveraging write access to /dev/sequencer.", "id": "GSD-2011-1477", "references": [ "https://www.suse.com/security/cve/CVE-2011-1477.html", "https://www.debian.org/security/2011/dsa-2264", "https://www.debian.org/security/2011/dsa-2240" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2011-1477" ], "details": "Multiple array index errors in sound/oss/opl3.c in the Linux kernel before 2.6.39 allow local users to cause a denial of service (heap memory corruption) or possibly gain privileges by leveraging write access to /dev/sequencer.", "id": "GSD-2011-1477", "modified": "2023-12-13T01:19:07.529148Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-1477", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_affected": "=", "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple array index errors in sound/oss/opl3.c in the Linux kernel before 2.6.39 allow local users to cause a denial of service (heap memory corruption) or possibly gain privileges by leveraging write access to /dev/sequencer." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39", "refsource": "MISC", "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39" }, { "name": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html", "refsource": "MISC", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html" }, { "name": "http://www.openwall.com/lists/oss-security/2011/03/25/1", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2011/03/25/1" }, { "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4d00135a680727f6c3be78f8befaac009030e4df", "refsource": "MISC", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4d00135a680727f6c3be78f8befaac009030e4df" }, { "name": "https://github.com/torvalds/linux/commit/4d00135a680727f6c3be78f8befaac009030e4df", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/4d00135a680727f6c3be78f8befaac009030e4df" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.6.38.8", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-1477" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Multiple array index errors in sound/oss/opl3.c in the Linux kernel before 2.6.39 allow local users to cause a denial of service (heap memory corruption) or possibly gain privileges by leveraging write access to /dev/sequencer." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-264" }, { "lang": "en", "value": "CWE-119" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/torvalds/linux/commit/4d00135a680727f6c3be78f8befaac009030e4df", "refsource": "CONFIRM", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/torvalds/linux/commit/4d00135a680727f6c3be78f8befaac009030e4df" }, { "name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39", "refsource": "CONFIRM", "tags": [ "Broken Link" ], "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39" }, { "name": "[oss-security] 20110325 Re: CVE request: kernel: two OSS fixes", "refsource": "MLIST", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.openwall.com/lists/oss-security/2011/03/25/1" }, { "name": "SUSE-SU-2015:0812", "refsource": "SUSE", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html" }, { "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4d00135a680727f6c3be78f8befaac009030e4df", "refsource": "MISC", "tags": [], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4d00135a680727f6c3be78f8befaac009030e4df" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false } }, "lastModifiedDate": "2023-02-13T01:19Z", "publishedDate": "2012-06-21T23:55Z" } } }
ghsa-9cxg-mgw2-24vg
Vulnerability from github
Multiple array index errors in sound/oss/opl3.c in the Linux kernel before 2.6.39 allow local users to cause a denial of service (heap memory corruption) or possibly gain privileges by leveraging write access to /dev/sequencer.
{ "affected": [], "aliases": [ "CVE-2011-1477" ], "database_specific": { "cwe_ids": [], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2012-06-21T23:55:00Z", "severity": "HIGH" }, "details": "Multiple array index errors in sound/oss/opl3.c in the Linux kernel before 2.6.39 allow local users to cause a denial of service (heap memory corruption) or possibly gain privileges by leveraging write access to /dev/sequencer.", "id": "GHSA-9cxg-mgw2-24vg", "modified": "2022-05-17T00:22:01Z", "published": "2022-05-17T00:22:01Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1477" }, { "type": "WEB", "url": "https://github.com/torvalds/linux/commit/4d00135a680727f6c3be78f8befaac009030e4df" }, { "type": "WEB", "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39" }, { "type": "WEB", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4d00135a680727f6c3be78f8befaac009030e4df" }, { "type": "WEB", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4d00135a680727f6c3be78f8befaac009030e4df" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2011/03/25/1" } ], "schema_version": "1.4.0", "severity": [] }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.