{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-04-05T00:00:00", "descriptions": [{"lang": "en", "value": "The cifs_close function in fs/cifs/file.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (NULL pointer dereference and BUG) or possibly have unspecified other impact by setting the O_DIRECT flag during an attempt to open a file on a CIFS filesystem."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-09-22T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[linux-cifs] 20110405 Re: Repeatable crash in 2.6.38 related to O_DIRECT", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=linux-cifs&m=130204730006155&w=2"}, {"name": "[linux-cifs] 20110405 Repeatable crash in 2.6.38 related to O_DIRECT", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=linux-cifs&m=130204357001849&w=2"}, {"name": "[oss-security] 20110509 CVE-2011-1771 kernel: cifs oops when creating file with O_DIRECT set", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/05/09/2"}, {"name": "8367", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/8367"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=703016"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7797069305d13252fd66cf722aa8f2cbeb3c95cd"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:37:25.776Z"}, "title": "CVE Program Container", "references": [{"name": "[linux-cifs] 20110405 Re: Repeatable crash in 2.6.38 related to O_DIRECT", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=linux-cifs&m=130204730006155&w=2"}, {"name": "[linux-cifs] 20110405 Repeatable crash in 2.6.38 related to O_DIRECT", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=linux-cifs&m=130204357001849&w=2"}, {"name": "[oss-security] 20110509 CVE-2011-1771 kernel: cifs oops when creating file with O_DIRECT set", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2011/05/09/2"}, {"name": "8367", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/8367"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=703016"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7797069305d13252fd66cf722aa8f2cbeb3c95cd"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1771", "datePublished": "2011-09-06T16:00:00", "dateReserved": "2011-04-19T00:00:00", "dateUpdated": "2024-08-06T22:37:25.776Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "176353CE-F17E-4776-AD9F-19014DA75B76", "versionEndExcluding": "2.6.39", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The cifs_close function in fs/cifs/file.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (NULL pointer dereference and BUG) or possibly have unspecified other impact by setting the O_DIRECT flag during an attempt to open a file on a CIFS filesystem."}, {"lang": "es", "value": "La funci\u00f3n cifs_close en fs/cifs/file.c en el kernel de Linux antes de su versi\u00f3n v2.6.39 permite a usuarios locales provocar una denegaci\u00f3n de servicio (puntero a NULL y Error) o posiblemente tener un impacto no especificado estableciendo el flag O_DIRECT durante un intento de abrir un archivo en un sistema de archivos CIFS."}], "id": "CVE-2011-1771", "lastModified": "2023-02-13T04:30:52.767", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2011-09-06T16:55:07.320", "references": [{"source": "secalert@redhat.com", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7797069305d13252fd66cf722aa8f2cbeb3c95cd"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Third Party Advisory"], "url": "http://marc.info/?l=linux-cifs&m=130204357001849&w=2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=linux-cifs&m=130204730006155&w=2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://securityreason.com/securityalert/8367"}, {"source": "secalert@redhat.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2011/05/09/2"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=703016"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2011:0836", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-131.2.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2011-06-01T00:00:00Z"}], "bugzilla": {"description": "kernel: cifs oops when creating file with O_DIRECT set", "id": "703016", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=703016"}, "csaw": false, "cvss": {"cvss_base_score": "4.7", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "status": "verified"}, "details": ["The cifs_close function in fs/cifs/file.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (NULL pointer dereference and BUG) or possibly have unspecified other impact by setting the O_DIRECT flag during an attempt to open a file on a CIFS filesystem."], "name": "CVE-2011-1771", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:1", "fix_state": "Not affected", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 1"}], "public_date": "2011-04-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-1771\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-1771"], "statement": "This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise Linux MRG as they did not backport the upstream commit cdff08e7 that introduced this issue. Future kernel updates for Red Hat Enterprise Linux 6 may address this flaw.", "threat_severity": "Moderate"}