← back
CVE-2011-2189

CVE-2011-2189

EPSS 17.8%
net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/36425unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629373http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2b035b39970740722598f7a9d548835f9bdd730fhttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f875bae065334907796da12523f9df85c89f5712http://ie.archive.ubuntu.com/linux/kernel/v2.6/ChangeLog-2.6.33http://kerneltrap.org/mailarchive/git-commits-head/2009/12/8/15289http://neil.brown.name/git?p=linux-2.6%3Ba=patch%3Bh=2b035b39970740722598f7a9d548835f9bdd730fhttp://patchwork.ozlabs.org/patch/88217/https://bugs.launchpad.net/ubuntu/+source/linux/+bug/720095https://bugzilla.redhat.com/show_bug.cgi?id=711134https://bugzilla.redhat.com/show_bug.cgi?id=711245http://www.debian.org/security/2011/dsa-2305http://www.openwall.com/lists/oss-security/2011/06/06/10