ID

VAR-201402-0040


CVE

CVE-2011-4093


TITLE

libnet6 of inc/server.hpp Integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2011-005274

DESCRIPTION

Integer overflow in inc/server.hpp in libnet6 (aka net6) before 1.3.14 might allow remote attackers to hijack connections and gain privileges as other users by making a large number of connections until the overflow occurs and an ID of another user is provided. Net6 is a simple network library. Net6 has an internal ID count overflow error that can be exploited to hijack other user sessions. net6 is prone to a session-hijacking vulnerability and an information-disclosure vulnerability. An attacker can exploit these vulnerabilities to obtain sensitive information, or possibly perform actions with elevated privileges. net6 1.3.13 is vulnerable; other versions may also be affected. For more information: SA46605 SOLUTION: Apply updated packages via the yum utility ("yum update net6"). ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: net6 Two Weaknesses SECUNIA ADVISORY ID: SA46605 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46605/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46605 RELEASE DATE: 2011-10-31 DISCUSS ADVISORY: http://secunia.com/advisories/46605/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46605/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46605 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Vasiliy Kulikov has reported two weaknesses in net6, which can be exploited by malicious people to disclose certain information and conduct session hijacking attacks. 1) The library may perform certain actions prior to validating the authentication of a connecting user, which can be exploited to e.g. disclose certain information about already connected users. hijack another user's session. The weaknesses are reported in version 1.3.13. SOLUTION: Fixed in the GIT repository. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Vasiliy Kulikov ORIGINAL ADVISORY: http://www.openwall.com/lists/oss-security/2011/10/30/3 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . 1) An error in the net6 library can be exploited to e.g. For more information see weakness #2 in: SA46605 SOLUTION: Restrict access to trusted hosts only

Trust: 2.97

sources: NVD: CVE-2011-4093 // JVNDB: JVNDB-2011-005274 // CNVD: CNVD-2011-4619 // BID: 50442 // VULMON: CVE-2011-4093 // PACKETSTORM: 106452 // PACKETSTORM: 108403 // PACKETSTORM: 107292 // PACKETSTORM: 106438 // PACKETSTORM: 106445

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2011-4619

AFFECTED PRODUCTS

vendor:opensusemodel:opensusescope:eqversion:11.4

Trust: 1.6

vendor:armin burgmeiermodel:net6scope:eqversion:1.3.7

Trust: 1.0

vendor:armin burgmeiermodel:net6scope:eqversion:1.3.3

Trust: 1.0

vendor:armin burgmeiermodel:net6scope:eqversion:1.3.11

Trust: 1.0

vendor:armin burgmeiermodel:net6scope:eqversion:1.3.8

Trust: 1.0

vendor:armin burgmeiermodel:net6scope:eqversion:1.3.10

Trust: 1.0

vendor:armin burgmeiermodel:net6scope:lteversion:1.3.13

Trust: 1.0

vendor:armin burgmeiermodel:net6scope:eqversion:1.3.2

Trust: 1.0

vendor:oraclemodel:solarisscope:eqversion:11.2

Trust: 1.0

vendor:armin burgmeiermodel:net6scope:eqversion:1.3.12

Trust: 1.0

vendor:armin burgmeiermodel:net6scope:eqversion:1.3.5

Trust: 1.0

vendor:armin burgmeiermodel:net6scope:eqversion:1.3.6

Trust: 1.0

vendor:armin burgmeiermodel:net6scope:eqversion:1.3.4

Trust: 1.0

vendor:armin burgmeiermodel:net6scope:eqversion:1.3.9

Trust: 1.0

vendor:armin burgmeiermodel:net6scope:eqversion:1.3.1

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:11.3

Trust: 1.0

vendor:0x539model:dev group net6scope:eqversion:1.3.13

Trust: 0.9

vendor:armin burgmeiermodel:net6scope:ltversion:1.3.14

Trust: 0.8

sources: CNVD: CNVD-2011-4619 // BID: 50442 // JVNDB: JVNDB-2011-005274 // CNNVD: CNNVD-201110-714 // NVD: CVE-2011-4093

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4093
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-4093
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201110-714
value: MEDIUM

Trust: 0.6

VULMON: CVE-2011-4093
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2011-4093
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

sources: VULMON: CVE-2011-4093 // JVNDB: JVNDB-2011-005274 // CNNVD: CNNVD-201110-714 // NVD: CVE-2011-4093

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.0

problemtype:CWE-189

Trust: 0.8

sources: JVNDB: JVNDB-2011-005274 // NVD: CVE-2011-4093

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201110-714

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201110-714

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-005274

PATCH

title:Avoid duplicate IDs on unsigned integer overflowurl:http://git.0x539.de/?p=net6.git;a=commitdiff;h=ac61d7fb42a1f977fb527e024bede319c4a9e169;hp=08c8e2261604c6fcbbaf62f9ae9d13f7015fcb9a

Trust: 0.8

title:Bug 727710url:https://bugzilla.novell.com/show_bug.cgi?id=727710

Trust: 0.8

title:Bug 750631url:https://bugzilla.redhat.com/show_bug.cgi?id=750631

Trust: 0.8

title:Net6 session hijacking vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/5747

Trust: 0.6

title:net6-1.3.14url:http://123.124.177.30/web/xxk/bdxqById.tag?id=48216

Trust: 0.6

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2015url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=2a43c5799a7dd07d6c0a92a3b040d12f

Trust: 0.1

sources: CNVD: CNVD-2011-4619 // VULMON: CVE-2011-4093 // JVNDB: JVNDB-2011-005274 // CNNVD: CNNVD-201110-714

EXTERNAL IDS

db:NVDid:CVE-2011-4093

Trust: 3.4

db:OPENWALLid:OSS-SECURITY/2011/10/31/1

Trust: 1.7

db:JVNDBid:JVNDB-2011-005274

Trust: 0.8

db:CNVDid:CNVD-2011-4619

Trust: 0.6

db:OPENWALLid:OSS-SECURITY/2011/10/30/3

Trust: 0.6

db:CNNVDid:CNNVD-201110-714

Trust: 0.6

db:SECUNIAid:46698

Trust: 0.4

db:BIDid:50442

Trust: 0.3

db:SECUNIAid:46605

Trust: 0.2

db:VULMONid:CVE-2011-4093

Trust: 0.1

db:PACKETSTORMid:106452

Trust: 0.1

db:SECUNIAid:47433

Trust: 0.1

db:PACKETSTORMid:108403

Trust: 0.1

db:SECUNIAid:46988

Trust: 0.1

db:PACKETSTORMid:107292

Trust: 0.1

db:PACKETSTORMid:106438

Trust: 0.1

db:PACKETSTORMid:106445

Trust: 0.1

sources: CNVD: CNVD-2011-4619 // VULMON: CVE-2011-4093 // BID: 50442 // JVNDB: JVNDB-2011-005274 // PACKETSTORM: 106452 // PACKETSTORM: 108403 // PACKETSTORM: 107292 // PACKETSTORM: 106438 // PACKETSTORM: 106445 // CNNVD: CNNVD-201110-714 // NVD: CVE-2011-4093

REFERENCES

url:http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

Trust: 1.8

url:http://www.openwall.com/lists/oss-security/2011/10/31/1

Trust: 1.7

url:https://bugzilla.novell.com/show_bug.cgi?id=727710

Trust: 1.7

url:http://lists.opensuse.org/opensuse-updates/2012-01/msg00044.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-updates/2012-01/msg00054.html

Trust: 1.7

url:https://bugzilla.redhat.com/show_bug.cgi?id=750631

Trust: 1.7

url:http://git.0x539.de/?p=net6.git%3ba=commitdiff%3bh=ac61d7fb42a1f977fb527e024bede319c4a9e169%3bhp=08c8e2261604c6fcbbaf62f9ae9d13f7015fcb9a

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4093

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4093

Trust: 0.8

url:http://seclists.org/oss-sec/2011/q4/197

Trust: 0.6

url:http://www.openwall.com/lists/oss-security/2011/10/30/3

Trust: 0.6

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.5

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.5

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.5

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.5

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.5

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.5

url:http://git.0x539.de/?p=net6.git;a=commitdiff;h=ac61d7fb42a1f977fb527e024bede319c4a9e169;hp=08c8e2261604c6fcbbaf62f9ae9d13f7015fcb9a

Trust: 0.4

url:http://git.0x539.de/?p=net6.git;a=commitdiff;h=84afca022f063f89bfcd4bb32b1ee911f555abf1;hp=ac61d7fb42a1f977fb527e024bede319c4a9e169

Trust: 0.3

url:http://www.0x539.de/projects.html

Trust: 0.3

url:http://secunia.com/products/corporate/vim/ovum_2011_request/

Trust: 0.3

url:http://secunia.com/advisories/46698/

Trust: 0.2

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=46698

Trust: 0.2

url:http://secunia.com/advisories/46698/#comments

Trust: 0.2

url:http://secunia.com/company/jobs/

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/190.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://hermes.opensuse.org/messages/13155294

Trust: 0.1

url:http://secunia.com/advisories/47433/

Trust: 0.1

url:https://hermes.opensuse.org/messages/13154695

Trust: 0.1

url:http://secunia.com/advisories/47433/#comments

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=47433

Trust: 0.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2011-november/069822.html

Trust: 0.1

url:http://secunia.com/advisories/46988/#comments

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=46988

Trust: 0.1

url:http://secunia.com/advisories/46988/

Trust: 0.1

url:http://secunia.com/advisories/46605/

Trust: 0.1

url:http://secunia.com/advisories/46605/#comments

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=46605

Trust: 0.1

sources: CNVD: CNVD-2011-4619 // VULMON: CVE-2011-4093 // BID: 50442 // JVNDB: JVNDB-2011-005274 // PACKETSTORM: 106452 // PACKETSTORM: 108403 // PACKETSTORM: 107292 // PACKETSTORM: 106438 // PACKETSTORM: 106445 // CNNVD: CNNVD-201110-714 // NVD: CVE-2011-4093

CREDITS

Vasiliy Kulikov

Trust: 0.9

sources: BID: 50442 // CNNVD: CNNVD-201110-714

SOURCES

db:CNVDid:CNVD-2011-4619
db:VULMONid:CVE-2011-4093
db:BIDid:50442
db:JVNDBid:JVNDB-2011-005274
db:PACKETSTORMid:106452
db:PACKETSTORMid:108403
db:PACKETSTORMid:107292
db:PACKETSTORMid:106438
db:PACKETSTORMid:106445
db:CNNVDid:CNNVD-201110-714
db:NVDid:CVE-2011-4093

LAST UPDATE DATE

2024-08-14T14:40:23.749000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2011-4619date:2011-11-01T00:00:00
db:VULMONid:CVE-2011-4093date:2018-10-30T00:00:00
db:BIDid:50442date:2015-04-13T21:17:00
db:JVNDBid:JVNDB-2011-005274date:2014-02-12T00:00:00
db:CNNVDid:CNNVD-201110-714date:2023-02-14T00:00:00
db:NVDid:CVE-2011-4093date:2023-02-13T01:21:18.430

SOURCES RELEASE DATE

db:CNVDid:CNVD-2011-4619date:2011-11-01T00:00:00
db:VULMONid:CVE-2011-4093date:2014-02-10T00:00:00
db:BIDid:50442date:2011-10-31T00:00:00
db:JVNDBid:JVNDB-2011-005274date:2014-02-12T00:00:00
db:PACKETSTORMid:106452date:2011-10-31T03:59:25
db:PACKETSTORMid:108403date:2012-01-06T03:20:14
db:PACKETSTORMid:107292date:2011-11-26T01:20:50
db:PACKETSTORMid:106438date:2011-10-31T02:00:09
db:PACKETSTORMid:106445date:2011-10-31T03:45:03
db:CNNVDid:CNNVD-201110-714date:1900-01-01T00:00:00
db:NVDid:CVE-2011-4093date:2014-02-10T18:15:09.153