Details of VAR-201102-0369

ID

VAR-201102-0369

CVE

CVE-2011-1042

TITLE

Google Chrome OS of flimflamd Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2011-004304

DESCRIPTION

Use-after-free vulnerability in flimflamd in flimflam in Google Chrome OS before 0.9.130.14 Beta allows user-assisted remote attackers to cause a denial of service (daemon crash) by providing the name of a hidden WiFi network that does not respond to connection attempts. Google Chrome OS is a lightweight computer operating system development program developed by Google to develop a cloud operating system dedicated to the Internet. A post-release vulnerability exists in flimflamd in flimflam prior to Google Chrome OS 0.9.130.14 Beta. Successful exploits will cause the affected application to crash, effectively denying service to legitimate users. Due to the nature of this issue, remote code execution may be possible; this has not been confirmed

Trust: 2.43

sources: NVD: CVE-2011-1042 // JVNDB: JVNDB-2011-004304 // CNVD: CNVD-2011-6662 // BID: 46484

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2011-6662

AFFECTED PRODUCTS

vendor:	google	model:	chrome os	scope:	eq	version:	8.0.552.344	Trust: 1.6
vendor:	google	model:	chrome os	scope:	eq	version:	8.0.552.342	Trust: 1.6
vendor:	google	model:	chrome os	scope:	eq	version:	8.0.552.343	Trust: 1.6
vendor:	google	model:	chrome os	scope:	lte	version:	0.9.126.0	Trust: 1.0
vendor:	google	model:	chrome os	scope:	lt	version:	0.9.130.14 beta	Trust: 0.8
vendor:	google	model:	chrome os beta	scope:	eq	version:	0.9.130.14	Trust: 0.6
vendor:	google	model:	chrome os	scope:	eq	version:	0.9.126.0	Trust: 0.6
vendor:	google	model:	chrome os	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.310	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.309	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.308	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.307	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.306	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.305	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.304	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.303	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.302	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.301	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.300	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.237	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.226	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.225	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.224	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.223	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.222	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.221	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.220	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.219	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.218	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.217	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.216	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.215	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.214	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.213	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.212	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.211	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.210	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.21	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.209	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.208	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.207	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.206	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.205	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.204	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.203	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.202	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.201	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.200	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.20	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.2	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.19	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.18	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.17	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.16	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.15	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.14	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.13	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.12	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.11	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.105	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.104	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.103	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.102	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.101	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.100	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.10	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.1	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.0	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.551.1	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.551.0	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.550.0	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.549.0	Trust: 0.3
vendor:	google	model:	chrome os	scope:	ne	version:	21.0.1180.49	Trust: 0.3
vendor:	google	model:	chrome	scope:	ne	version:	8.0.552.344	Trust: 0.3

sources: CNVD: CNVD-2011-6662 // BID: 46484 // JVNDB: JVNDB-2011-004304 // CNNVD: CNNVD-201102-292 // NVD: CVE-2011-1042

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-1042
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2011-1042
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2011-6662
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201102-292
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2011-1042
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2011-6662
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2011-6662 // JVNDB: JVNDB-2011-004304 // CNNVD: CNNVD-201102-292 // NVD: CVE-2011-1042

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.8

sources: JVNDB: JVNDB-2011-004304 // NVD: CVE-2011-1042

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201102-292

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201102-292

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-004304

PATCH

title:	Beta Channel Update	url:	http://googlechromereleases.blogspot.com/2011/01/chrome-os-beta-channel-update.html	Trust: 0.8
title:	Google Chrome OS flimflam flimflamd released patch after use vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/37305	Trust: 0.6

sources: CNVD: CNVD-2011-6662 // JVNDB: JVNDB-2011-004304

EXTERNAL IDS

db:	NVD	id:	CVE-2011-1042	Trust: 3.3
db:	JVNDB	id:	JVNDB-2011-004304	Trust: 0.8
db:	XF	id:	65556	Trust: 0.6
db:	CNVD	id:	CNVD-2011-6662	Trust: 0.6
db:	CNNVD	id:	CNNVD-201102-292	Trust: 0.6
db:	BID	id:	46484	Trust: 0.3

sources: CNVD: CNVD-2011-6662 // BID: 46484 // JVNDB: JVNDB-2011-004304 // CNNVD: CNNVD-201102-292 // NVD: CVE-2011-1042

REFERENCES

url:	http://googlechromereleases.blogspot.com/2011/01/chrome-os-beta-channel-update.html	Trust: 1.9
url:	http://codereview.chromium.org/5255012	Trust: 1.9
url:	http://code.google.com/p/chromium-os/issues/detail?id=8871	Trust: 1.9
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/65556	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1042	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1042	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/65556	Trust: 0.6
url:	http://www.google.com/chromeos/	Trust: 0.3

sources: CNVD: CNVD-2011-6662 // BID: 46484 // JVNDB: JVNDB-2011-004304 // CNNVD: CNNVD-201102-292 // NVD: CVE-2011-1042

CREDITS

srikanthk

Trust: 0.3

sources: BID: 46484

SOURCES

db:	CNVD	id:	CNVD-2011-6662
db:	BID	id:	46484
db:	JVNDB	id:	JVNDB-2011-004304
db:	CNNVD	id:	CNNVD-201102-292
db:	NVD	id:	CVE-2011-1042

LAST UPDATE DATE

2024-11-23T22:14:15.001000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2011-6662	date:	2011-02-21T00:00:00
db:	BID	id:	46484	date:	2015-03-19T08:13:00
db:	JVNDB	id:	JVNDB-2011-004304	date:	2012-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201102-292	date:	2011-02-22T00:00:00
db:	NVD	id:	CVE-2011-1042	date:	2024-11-21T01:25:23.300

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2011-6662	date:	2011-02-21T00:00:00
db:	BID	id:	46484	date:	2011-01-27T00:00:00
db:	JVNDB	id:	JVNDB-2011-004304	date:	2012-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201102-292	date:	2011-02-21T00:00:00
db:	NVD	id:	CVE-2011-1042	date:	2011-02-18T17:00:46.323