cvelistv5 - cve-2011-1776

CVE-2011-1776 (GCVE-0-2011-1776)

Vulnerability from cvelistv5

Published

2011-09-06 16:00

Modified

2024-08-06 22:37

Severity ?

CWE

Summary

The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577.

References

URL

Tags

	http://rhn.redhat.com/errata/RHSA-2011-0927.html	vendor-advisory, x_refsource_REDHAT
	http://openwall.com/lists/oss-security/2011/05/10/4	mailing-list, x_refsource_MLIST
	http://securityreason.com/securityalert/8369	third-party-advisory, x_refsource_SREASON
	http://www.securityfocus.com/bid/47796	vdb-entry, x_refsource_BID
	http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39	x_refsource_CONFIRM
	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fa039d5f6b126fbd65eefa05db2f67e44df8f121	x_refsource_CONFIRM
	http://www.pre-cert.de/advisories/PRE-SA-2011-04.txt	x_refsource_MISC
	https://bugzilla.redhat.com/show_bug.cgi?id=703026	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:37:25.816Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2011:0927",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2011-0927.html"
          },
          {
            "name": "[oss-security] 20110510 Re: CVE request: kernel: validate size of EFI GUID partition entries",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/05/10/4"
          },
          {
            "name": "8369",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8369"
          },
          {
            "name": "47796",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47796"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fa039d5f6b126fbd65eefa05db2f67e44df8f121"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.pre-cert.de/advisories/PRE-SA-2011-04.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=703026"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-05-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-01-07T19:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2011:0927",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2011-0927.html"
        },
        {
          "name": "[oss-security] 20110510 Re: CVE request: kernel: validate size of EFI GUID partition entries",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/05/10/4"
        },
        {
          "name": "8369",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8369"
        },
        {
          "name": "47796",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47796"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fa039d5f6b126fbd65eefa05db2f67e44df8f121"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.pre-cert.de/advisories/PRE-SA-2011-04.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=703026"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-1776",
    "datePublished": "2011-09-06T16:00:00.000Z",
    "dateReserved": "2011-04-19T00:00:00.000Z",
    "dateUpdated": "2024-08-06T22:37:25.816Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2011-AVI-393

Vulnerability from certfr_avis

Plusieurs vulnérabilités affectant le noyau Linux Red Hat ont été corrigées par la mise à jour RHSA-2011:0927.

Description

Un total de 15 vulnérabilités ont été corrigées par la mise à jour Red Hat Linux RHSA-2011:0927 du 15 juillet 2011.

Parmi celles-ci, six sont marquées comme importantes et concernent des vulnérabilités de type déni de service et/ou élévation de privilèges. Quatre sont classifiées comme ayant un impact modéré. Elles ont pour conséquence un déni de service. Les cinq dernières sont considérées comme ayant un impact faible et correspondent à des fuites d'informations ou des dénis de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux EUS (v. 5.6.z server) ;
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux (v. 5 server) ;
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux Long Life (v. 5.6 server).
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux Desktop (v. 5 client) ;

References

Title

Publication Time

Tags

Bulletin de sécurité Red Hat RHSA-2011:0927-1 du 15 juillet 2011	None	vendor-advisory
Bulletin de sécurité Red Hat RHSA-2011:0927 du 15 juillet 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Red Hat Enterprise Linux EUS (v. 5.6.z server) ;",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux (v. 5 server) ;",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Long Life (v. 5.6 server).",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Desktop (v. 5 client) ;",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUn total de 15 vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es par la mise \u00e0 jour Red\nHat Linux RHSA-2011:0927 du 15 juillet 2011.\n\nParmi celles-ci, six sont marqu\u00e9es comme importantes et concernent des\nvuln\u00e9rabilit\u00e9s de type d\u00e9ni de service et/ou \u00e9l\u00e9vation de privil\u00e8ges.\nQuatre sont classifi\u00e9es comme ayant un impact mod\u00e9r\u00e9. Elles ont pour\ncons\u00e9quence un d\u00e9ni de service. Les cinq derni\u00e8res sont consid\u00e9r\u00e9es\ncomme ayant un impact faible et correspondent \u00e0 des fuites\nd\u0027informations ou des d\u00e9nis de service.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-2213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2213"
    },
    {
      "name": "CVE-2011-1044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1044"
    },
    {
      "name": "CVE-2011-2022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2022"
    },
    {
      "name": "CVE-2011-4649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4649"
    },
    {
      "name": "CVE-2011-1746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1746"
    },
    {
      "name": "CVE-2011-0695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0695"
    },
    {
      "name": "CVE-2011-1745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1745"
    },
    {
      "name": "CVE-2011-1776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1776"
    },
    {
      "name": "CVE-2011-1936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1936"
    },
    {
      "name": "CVE-2011-1593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1593"
    },
    {
      "name": "CVE-2011-1182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1182"
    },
    {
      "name": "CVE-2011-2492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2492"
    },
    {
      "name": "CVE-2011-1573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1573"
    },
    {
      "name": "CVE-2011-0711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0711"
    },
    {
      "name": "CVE-2011-1576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1576"
    }
  ],
  "initial_release_date": "2011-07-18T00:00:00",
  "last_revision_date": "2011-07-18T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2011:0927 du 15 juillet    2011 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2011-0927.html"
    }
  ],
  "reference": "CERTA-2011-AVI-393",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-07-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectant le noyau Linux Red Hat ont \u00e9t\u00e9\ncorrig\u00e9es par la mise \u00e0 jour RHSA-2011:0927.\n",
  "title": "Mise \u00e0 jour du noyau Red Hat",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2011:0927-1 du 15 juillet 2011",
      "url": null
    }
  ]
}

CERTA-2012-AVI-046

Vulnerability from certfr_avis

Un grand nombre de vulnérabilités, dont certaines permettent d'exécuter du code arbitraire à distance, sont présentes dans VMware ESX et VMware ESXi.

Description

Un grand nombre de vulnérabilités existe dans VMWare ESX et VMware ESXi dont certaines, particulièrement critiques, peuvent conduire à une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	VMware	ESXi	VMware ESXi 4.1 ;
	VMware	ESXi	VMware ESX 4.1.

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2012-0001 du 30 janvier 2012	None	vendor-advisory
Bulletin de sécurité VMware VMSA-2012-0001 du 30 janvier 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware ESXi 4.1 ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX 4.1.",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUn grand nombre de vuln\u00e9rabilit\u00e9s existe dans VMWare ESX et VMware ESXi\ndont certaines, particuli\u00e8rement critiques, peuvent conduire \u00e0 une\nex\u00e9cution de code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-1170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1170"
    },
    {
      "name": "CVE-2010-1634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1634"
    },
    {
      "name": "CVE-2010-2059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2059"
    },
    {
      "name": "CVE-2011-2901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2901"
    },
    {
      "name": "CVE-2011-2694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2694"
    },
    {
      "name": "CVE-2011-2213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2213"
    },
    {
      "name": "CVE-2010-4649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4649"
    },
    {
      "name": "CVE-2009-3560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3560"
    },
    {
      "name": "CVE-2011-1494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1494"
    },
    {
      "name": "CVE-2011-1044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1044"
    },
    {
      "name": "CVE-2011-3378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3378"
    },
    {
      "name": "CVE-2011-2022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2022"
    },
    {
      "name": "CVE-2011-1080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1080"
    },
    {
      "name": "CVE-2011-1746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1746"
    },
    {
      "name": "CVE-2011-0695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0695"
    },
    {
      "name": "CVE-2011-2522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2522"
    },
    {
      "name": "CVE-2011-1745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1745"
    },
    {
      "name": "CVE-2011-1780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1780"
    },
    {
      "name": "CVE-2011-1078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1078"
    },
    {
      "name": "CVE-2010-3493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3493"
    },
    {
      "name": "CVE-2011-1776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1776"
    },
    {
      "name": "CVE-2011-1171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1171"
    },
    {
      "name": "CVE-2011-1936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1936"
    },
    {
      "name": "CVE-2011-1678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1678"
    },
    {
      "name": "CVE-2011-1593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1593"
    },
    {
      "name": "CVE-2011-1182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1182"
    },
    {
      "name": "CVE-2011-1093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1093"
    },
    {
      "name": "CVE-2011-2517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2517"
    },
    {
      "name": "CVE-2011-1521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1521"
    },
    {
      "name": "CVE-2011-1763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1763"
    },
    {
      "name": "CVE-2011-2192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2192"
    },
    {
      "name": "CVE-2011-0726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0726"
    },
    {
      "name": "CVE-2011-1015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1015"
    },
    {
      "name": "CVE-2011-2492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2492"
    },
    {
      "name": "CVE-2011-1079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1079"
    },
    {
      "name": "CVE-2011-2525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2525"
    },
    {
      "name": "CVE-2011-2482",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2482"
    },
    {
      "name": "CVE-2011-1573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1573"
    },
    {
      "name": "CVE-2011-1166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1166"
    },
    {
      "name": "CVE-2011-2689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2689"
    },
    {
      "name": "CVE-2010-0787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0787"
    },
    {
      "name": "CVE-2011-1172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1172"
    },
    {
      "name": "CVE-2011-1163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1163"
    },
    {
      "name": "CVE-2010-2089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2089"
    },
    {
      "name": "CVE-2010-0547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0547"
    },
    {
      "name": "CVE-2009-3720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3720"
    },
    {
      "name": "CVE-2011-1577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1577"
    },
    {
      "name": "CVE-2011-2519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2519"
    },
    {
      "name": "CVE-2011-1495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1495"
    },
    {
      "name": "CVE-2011-0711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0711"
    },
    {
      "name": "CVE-2011-2491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2491"
    },
    {
      "name": "CVE-2011-1576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1576"
    },
    {
      "name": "CVE-2011-2495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2495"
    }
  ],
  "initial_release_date": "2012-02-01T00:00:00",
  "last_revision_date": "2012-02-01T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2012-0001 du 30 janvier    2012 :",
      "url": "http://www.vmware.com/security/advisories/VMSA-2012-0001.html"
    }
  ],
  "reference": "CERTA-2012-AVI-046",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-02-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Un grand nombre de vuln\u00e9rabilit\u00e9s, dont certaines permettent d\u0027ex\u00e9cuter\ndu code arbitraire \u00e0 distance, sont pr\u00e9sentes dans VMware ESX et VMware\nESXi.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans VMware ESX et ESXi",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2012-0001 du 30 janvier 2012",
      "url": null
    }
  ]
}

CERTA-2012-AVI-518

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans les produits Avaya. Les correctifs sont liés à la mise à jour de leurs systèmes Redhat.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
AVAYA	N/A	Avaya Aura Presence Services versions 6.x
AVAYA	N/A	Avaya Aura Communication Manager versions 6.x
AVAYA	N/A	Avaya Proactive Contact versions 5.x
AVAYA	N/A	Avaya IP Office Application Server versions 7.x
AVAYA	N/A	Avaya IP Office Application Server versions 6.x
AVAYA	N/A	Avaya Aura Communication Manager versions 5.x
AVAYA	N/A	Avaya Voice Portal version 5.1
AVAYA	N/A	Avaya IQ versions 5.x
AVAYA	N/A	Avaya Aura System Platform versions 1.x
AVAYA	N/A	Avaya Voice Portal version 5.0
AVAYA	N/A	Avaya Aura Messaging versions 6.x
AVAYA	N/A	Avaya Aura System Platform versions 6.0.x
AVAYA	N/A	Avaya Aura System Manager versions 6.x
AVAYA	N/A	Avaya Voice Portal version 5.1.1
AVAYA	N/A	Avaya Voice Portal version 5.1.2
AVAYA	N/A	Avaya Aura SIP Enablement Services versions 5.x
AVAYA	N/A	Avaya Aurora Session Manager version 6.2
AVAYA	N/A	Avaya IP Office Application Server versions 8.x
AVAYA	N/A	Avaya Aurora Session Manager versions 5.x
AVAYA	N/A	Avaya Aura System Manager versions 5.x
AVAYA	N/A	Avaya Aura Application Enablement Services versions 5.x
AVAYA	N/A	Avaya Aura Experience Portal versions 6.x
AVAYA	N/A	Avaya Meeting Exchange versions 5.x
AVAYA	N/A	Avaya Messaging Storage Server 5.2.x
AVAYA	N/A	Avaya Aura Conferencing Standard Edition versions 6.x
AVAYA	N/A	Avaya Aura Communication Manager versions 4.x
AVAYA	N/A	Avaya Aura Application Server 5300
AVAYA	N/A	Avaya Aurora Session Manager versions 1.x
AVAYA	N/A	Avaya Aurora Session Manager version 6.2.1
AVAYA	N/A	Avaya Communication Server 1000 versions 7.x
AVAYA	N/A	Avaya Aura Application Enablement Services versions 6.x
AVAYA	N/A	Avaya Aurora Session Manager versions 6.0.x
AVAYA	N/A	Avaya Communication Server 1000 versions 6.x
AVAYA	N/A	Avaya Aura System Platform version 6.2
AVAYA	N/A	Avaya Aura Communication Manager Utility Services versions 6.x
AVAYA	N/A	Avaya Aurora Session Manager versions 6.1.x

References

Title

Publication Time

Tags

Bulletins de sécurité Avaya	None	vendor-advisory
Bulletin de sécurité AVAYA du 18 septembre 2012 :	-	other
Bulletin de sécurité AVAYA du 18 septembre 2012 :	-	other
Bulletin de sécurité AVAYA du 19 septembre 2012 :	-	other
Bulletin de sécurité AVAYA du 18 septembre 2012 :	-	other
Bulletin de sécurité AVAYA du 19 septembre 2012 :	-	other
Bulletin de sécurité AVAYA du 18 septembre 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Avaya Aura Presence Services versions 6.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aura Communication Manager versions 6.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Proactive Contact versions 5.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya IP Office Application Server versions 7.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya IP Office Application Server versions 6.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aura Communication Manager versions 5.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Voice Portal version 5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya IQ versions 5.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aura System Platform versions 1.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Voice Portal version 5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aura Messaging versions 6.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aura System Platform versions 6.0.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aura System Manager versions 6.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Voice Portal version 5.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Voice Portal version 5.1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aura SIP Enablement Services versions 5.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aurora Session Manager version 6.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya IP Office Application Server versions 8.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aurora Session Manager versions 5.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aura System Manager versions 5.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aura Application Enablement Services versions 5.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aura Experience Portal versions 6.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Meeting Exchange versions 5.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Messaging Storage Server 5.2.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aura Conferencing Standard Edition versions 6.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aura Communication Manager versions 4.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aura Application Server 5300",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aurora Session Manager versions 1.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aurora Session Manager version 6.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Communication Server 1000 versions 7.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aura Application Enablement Services versions 6.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aurora Session Manager versions 6.0.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Communication Server 1000 versions 6.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aura System Platform version 6.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aura Communication Manager Utility Services versions 6.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    },
    {
      "description": "Avaya Aurora Session Manager versions 6.1.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-2213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2213"
    },
    {
      "name": "CVE-2010-4649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4649"
    },
    {
      "name": "CVE-2011-1044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1044"
    },
    {
      "name": "CVE-2011-2022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2022"
    },
    {
      "name": "CVE-2011-1746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1746"
    },
    {
      "name": "CVE-2011-0695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0695"
    },
    {
      "name": "CVE-2011-1745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1745"
    },
    {
      "name": "CVE-2012-0884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0884"
    },
    {
      "name": "CVE-2011-1776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1776"
    },
    {
      "name": "CVE-2011-4028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4028"
    },
    {
      "name": "CVE-2011-1936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1936"
    },
    {
      "name": "CVE-2011-1593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1593"
    },
    {
      "name": "CVE-2011-1182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1182"
    },
    {
      "name": "CVE-2012-1165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1165"
    },
    {
      "name": "CVE-2012-0864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0864"
    },
    {
      "name": "CVE-2012-0841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
    },
    {
      "name": "CVE-2011-2492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2492"
    },
    {
      "name": "CVE-2011-1573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1573"
    },
    {
      "name": "CVE-2011-0419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0419"
    },
    {
      "name": "CVE-2011-0711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0711"
    },
    {
      "name": "CVE-2011-1576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1576"
    }
  ],
  "initial_release_date": "2012-09-24T00:00:00",
  "last_revision_date": "2012-09-24T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 AVAYA du 18 septembre 2012 :",
      "url": "https://downloads.avaya.com/css/P8/documents/100160780"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 AVAYA du 18 septembre 2012 :",
      "url": "https://downloads.avaya.com/css/P8/documents/100160023"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 AVAYA du 19 septembre 2012 :",
      "url": "https://downloads.avaya.com/css/P8/documents/100162507"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 AVAYA du 18 septembre 2012 :",
      "url": "https://downloads.avaya.com/css/P8/documents/100160589"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 AVAYA du 19 septembre 2012 :",
      "url": "https://downloads.avaya.com/css/P8/documents/100147390"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 AVAYA du 18 septembre 2012 :",
      "url": "https://downloads.avaya.com/css/P8/documents/100141102"
    }
  ],
  "reference": "CERTA-2012-AVI-518",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-09-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eAvaya\u003c/span\u003e. Les correctifs sont li\u00e9s \u00e0 la mise \u00e0 jour\nde leurs syst\u00e8mes \u003cspan class=\"textit\"\u003eRedhat\u003c/span\u003e.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Avaya",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 Avaya",
      "url": null
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2011-1776 (GCVE-0-2011-1776)

Vulnerability from cvelistv5

CERTA-2011-AVI-393

Vulnerability from certfr_avis

Description

Solution

CERTA-2012-AVI-046

Vulnerability from certfr_avis

Description

Solution

CERTA-2012-AVI-518

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature