

Linux kernel security vulnerabilities
Published: 13.09.2011
SecurityVulns ID: 11905
Type: remote
Threat Level: 7/10
Description: Predictable TCP ISN numbers, CIFS client memory corruption.
Affected: LINUX : kernel 2.6
CVE: CVE-2011-3191 (Integer signedness error in the CIFSFindNext function in fs/cifs/cifssmb.c in the Linux kernel before 3.1 allows remote CIFS servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large length value in a response to a read request for a directory.)
     CVE-2011-3188 (The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets.)
Original document: DEBIAN, [SECURITY] [DSA 2303-2] New linux-2.6 packages fix regression (13.09.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod