Back to search
CVE-2011-2189
Published: Oct 10, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://bugzilla.redhat.com/show_bug.cgi?id=711245
x_refsource_CONFIRM
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/720095
x_refsource_CONFIRM
[oss-security] 20110606 Re: CVE Request -- vsftpd -- Do not create network namespace per connection
mailing-list
x_refsource_MLIST
[oss-security] 20110606 Re: CVE Request -- vsftpd -- Do not create network namespace per connection
mailing-list
x_refsource_MLIST
http://ie.archive.ubuntu.com/linux/kernel/v2.6/ChangeLog-2.6.33
x_refsource_CONFIRM
DSA-2305
vendor-advisory
x_refsource_DEBIAN
http://patchwork.ozlabs.org/patch/88217/
x_refsource_CONFIRM
[git-commits-head] 20091208 net: Automatically allocate per namespace data.
mailing-list
x_refsource_MLIST
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629373
x_refsource_CONFIRM
USN-1288-1
vendor-advisory
x_refsource_UBUNTU
https://bugzilla.redhat.com/show_bug.cgi?id=711134
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now