CVE-2011-2189
published 2011-10-10CVE-2011-2189: net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes…
PriorityP355high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EXPLOIT
EPSS
17.84%
96.8th percentile
net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | vsftpd | < vsftpd 2.3.4-1 (bookworm) | vsftpd 2.3.4-1 (bookworm) |
| linux | linux_kernel | <= 2.6.32 | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_mrg | — | — |
| vsftpd_project | vsftpd | >= 0 < 2.3.4-1 | 2.3.4-1 |
| vsftpd_project | vsftpd | >= 0 < 2.3.4-1 | 2.3.4-1 |
| vsftpd_project | vsftpd | >= 0 < 2.3.4-1 | 2.3.4-1 |
| vsftpd_project | vsftpd | >= 0 < 2.3.4-1 | 2.3.4-1 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:N/I:N/A:C
osv7.5HIGH
vendor_debian7.5HIGH
vendor_redhat7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-cwc9-v946-jvqj: net/core/net_namespace
ghsa_unreviewed·2022-05-13
CVE-2011-2189 [HIGH] CWE-400 GHSA-cwc9-v946-jvqj: net/core/net_namespace
net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd.
OSV
CVE-2011-2189: net/core/net_namespace
osv·2011-10-10·CVSS 7.5
CVE-2011-2189 [HIGH] CVE-2011-2189: net/core/net_namespace
net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd.
Ubuntu
vsftpd vulnerability
vendor_ubuntu·2011-12-07
CVE-2011-2189 vsftpd vulnerability
Title: vsftpd vulnerability
Summary: Vsftpd or other applications could be made to crash if vsftpd received
specially crafted network traffic.
It was discovered that the 2.6.35 and earlier Linux kernel does not
properly handle a high rate of creation and cleanup of network namespaces,
which makes it easier for remote attackers to cause a denial of service
(memory consumption) in applications that require a separate namespace per
connection, like vsftpd. This update adjusts vsftpd to only use network
namespaces on kernels that are known to be not affected.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
kernel: net_ns: oom killer fires because of slow net_ns cleanup
vendor_redhat·2011-02-16·CVSS 7.5
CVE-2011-2189 [HIGH] kernel: net_ns: oom killer fires because of slow net_ns cleanup
kernel: net_ns: oom killer fires because of slow net_ns cleanup
net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd.
Statement: This did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as they did not include support for Network Namespaces. A future kernel update in Red Hat Enterprise MRG may address this issue. The risks associated with fixing this flaw outweigh the benefits of the fix, therefore Red Hat does not plan to fix this flaw in Red Hat Enterprise Linu
Debian
CVE-2011-2189: vsftpd - net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properl...
vendor_debian·2011·CVSS 7.5
CVE-2011-2189 [HIGH] CVE-2011-2189: vsftpd - net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properl...
net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd.
Scope: local
bookworm: resolved (fixed in 2.3.4-1)
bullseye: resolved (fixed in 2.3.4-1)
forky: resolved (fixed in 2.3.4-1)
sid: resolved (fixed in 2.3.4-1)
trixie: resolved (fixed in 2.3.4-1)
No detection rules found.
Bugzilla
CVE-2011-2189 kernel: net_ns: oom killer fires because of slow net_ns cleanup [fedora-all]
bugzilla·2011-10-26·CVSS 7.5
CVE-2011-2189 [HIGH] CVE-2011-2189 kernel: net_ns: oom killer fires because of slow net_ns cleanup [fedora-all]
CVE-2011-2189 kernel: net_ns: oom killer fires because of slow net_ns cleanup [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/
Bugzilla
CVE-2011-2189 kernel: net_ns: oom killer fires because of slow net_ns cleanup
bugzilla·2011-06-06·CVSS 7.5
CVE-2011-2189 [HIGH] CVE-2011-2189 kernel: net_ns: oom killer fires because of slow net_ns cleanup
CVE-2011-2189 kernel: net_ns: oom killer fires because of slow net_ns cleanup
It was found that vsftpd, Very Secure FTP daemon, when the network namespace (CONFIG_NET_NS) support was activated in the kernel, used to create a new network namespace per connection. A remote attacker could use this flaw to cause memory pressure (kernel OOM killer protection mechanism to be activated and potentially terminate vsftpd or arbitrary [vsftpd independent] process, which satisfied the OOM killer process selection algorithm).
References:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629373
[2] https://bugs.launchpad.net/ubuntu/+source/linux/+bug/720095
Public PoC (from [2]):
The test is started in this way:
$ for i in 1 2 3 4 5 6 7 8 ; do ./feedftp $i >/dev/null & done
What is observed dur
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629373http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2b035b39970740722598f7a9d548835f9bdd730fhttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f875bae065334907796da12523f9df85c89f5712http://ie.archive.ubuntu.com/linux/kernel/v2.6/ChangeLog-2.6.33http://kerneltrap.org/mailarchive/git-commits-head/2009/12/8/15289http://neil.brown.name/git?p=linux-2.6%3Ba=patch%3Bh=2b035b39970740722598f7a9d548835f9bdd730fhttp://patchwork.ozlabs.org/patch/88217/http://www.debian.org/security/2011/dsa-2305http://www.openwall.com/lists/oss-security/2011/06/06/10http://www.openwall.com/lists/oss-security/2011/06/06/20http://www.ubuntu.com/usn/USN-1288-1https://bugs.launchpad.net/ubuntu/+source/linux/+bug/720095https://bugzilla.redhat.com/show_bug.cgi?id=711134https://bugzilla.redhat.com/show_bug.cgi?id=711245http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629373http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2b035b39970740722598f7a9d548835f9bdd730fhttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f875bae065334907796da12523f9df85c89f5712http://ie.archive.ubuntu.com/linux/kernel/v2.6/ChangeLog-2.6.33http://kerneltrap.org/mailarchive/git-commits-head/2009/12/8/15289http://neil.brown.name/git?p=linux-2.6%3Ba=patch%3Bh=2b035b39970740722598f7a9d548835f9bdd730fhttp://patchwork.ozlabs.org/patch/88217/http://www.debian.org/security/2011/dsa-2305http://www.openwall.com/lists/oss-security/2011/06/06/10http://www.openwall.com/lists/oss-security/2011/06/06/20http://www.ubuntu.com/usn/USN-1288-1https://bugs.launchpad.net/ubuntu/+source/linux/+bug/720095https://bugzilla.redhat.com/show_bug.cgi?id=711134https://bugzilla.redhat.com/show_bug.cgi?id=711245
2011-10-10
Published