Details of VAR-201402-0040

ID

VAR-201402-0040

CVE

CVE-2011-4093

TITLE

libnet6 of inc/server.hpp Integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2011-005274

DESCRIPTION

Integer overflow in inc/server.hpp in libnet6 (aka net6) before 1.3.14 might allow remote attackers to hijack connections and gain privileges as other users by making a large number of connections until the overflow occurs and an ID of another user is provided. Net6 is a simple network library. Net6 has an internal ID count overflow error that can be exploited to hijack other user sessions. net6 is prone to a session-hijacking vulnerability and an information-disclosure vulnerability. An attacker can exploit these vulnerabilities to obtain sensitive information, or possibly perform actions with elevated privileges. net6 1.3.13 is vulnerable; other versions may also be affected. For more information: SA46605 SOLUTION: Apply updated packages via the yum utility ("yum update net6"). ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: net6 Two Weaknesses SECUNIA ADVISORY ID: SA46605 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46605/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46605 RELEASE DATE: 2011-10-31 DISCUSS ADVISORY: http://secunia.com/advisories/46605/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46605/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46605 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Vasiliy Kulikov has reported two weaknesses in net6, which can be exploited by malicious people to disclose certain information and conduct session hijacking attacks. 1) The library may perform certain actions prior to validating the authentication of a connecting user, which can be exploited to e.g. disclose certain information about already connected users. hijack another user's session. The weaknesses are reported in version 1.3.13. SOLUTION: Fixed in the GIT repository. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Vasiliy Kulikov ORIGINAL ADVISORY: http://www.openwall.com/lists/oss-security/2011/10/30/3 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . 1) An error in the net6 library can be exploited to e.g. For more information see weakness #2 in: SA46605 SOLUTION: Restrict access to trusted hosts only

Trust: 2.97

sources: NVD: CVE-2011-4093 // JVNDB: JVNDB-2011-005274 // CNVD: CNVD-2011-4619 // BID: 50442 // VULMON: CVE-2011-4093 // PACKETSTORM: 106452 // PACKETSTORM: 108403 // PACKETSTORM: 107292 // PACKETSTORM: 106438 // PACKETSTORM: 106445

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2011-4619

AFFECTED PRODUCTS

vendor:	opensuse	model:	opensuse	scope:	eq	version:	11.4	Trust: 1.6
vendor:	armin burgmeier	model:	net6	scope:	eq	version:	1.3.5	Trust: 1.0
vendor:	armin burgmeier	model:	net6	scope:	eq	version:	1.3.9	Trust: 1.0
vendor:	armin burgmeier	model:	net6	scope:	eq	version:	1.3.12	Trust: 1.0
vendor:	armin burgmeier	model:	net6	scope:	eq	version:	1.3.3	Trust: 1.0
vendor:	armin burgmeier	model:	net6	scope:	eq	version:	1.3.4	Trust: 1.0
vendor:	armin burgmeier	model:	net6	scope:	eq	version:	1.3.8	Trust: 1.0
vendor:	armin burgmeier	model:	net6	scope:	eq	version:	1.3.11	Trust: 1.0
vendor:	opensuse	model:	opensuse	scope:	eq	version:	11.3	Trust: 1.0
vendor:	armin burgmeier	model:	net6	scope:	eq	version:	1.3.6	Trust: 1.0
vendor:	armin burgmeier	model:	net6	scope:	eq	version:	1.3.2	Trust: 1.0
vendor:	armin burgmeier	model:	net6	scope:	eq	version:	1.3.7	Trust: 1.0
vendor:	armin burgmeier	model:	net6	scope:	lte	version:	1.3.13	Trust: 1.0
vendor:	armin burgmeier	model:	net6	scope:	eq	version:	1.3.1	Trust: 1.0
vendor:	armin burgmeier	model:	net6	scope:	eq	version:	1.3.10	Trust: 1.0
vendor:	oracle	model:	solaris	scope:	eq	version:	11.2	Trust: 1.0
vendor:	0x539	model:	dev group net6	scope:	eq	version:	1.3.13	Trust: 0.9
vendor:	armin burgmeier	model:	net6	scope:	lt	version:	1.3.14	Trust: 0.8

sources: CNVD: CNVD-2011-4619 // BID: 50442 // JVNDB: JVNDB-2011-005274 // NVD: CVE-2011-4093 // CNNVD: CNNVD-201110-714

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2011-4093
value:	MEDIUM
Trust: 1.8
CNNVD:	CNNVD-201110-714
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2011-4093
value:	MEDIUM
Trust: 0.1

NVD:
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2011-4093
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.9

sources: VULMON: CVE-2011-4093 // JVNDB: JVNDB-2011-005274 // NVD: CVE-2011-4093 // CNNVD: CNNVD-201110-714

PROBLEMTYPE DATA

problemtype:	CWE-190	Trust: 1.0
problemtype:	CWE-189	Trust: 0.8

sources: JVNDB: JVNDB-2011-005274 // NVD: CVE-2011-4093

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201110-714

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201110-714

CONFIGURATIONS

sources: NVD: CVE-2011-4093

PATCH

title:	Avoid duplicate IDs on unsigned integer overflow	url:	http://git.0x539.de/?p=net6.git;a=commitdiff;h=ac61d7fb42a1f977fb527e024bede319c4a9e169;hp=08c8e2261604c6fcbbaf62f9ae9d13f7015fcb9a	Trust: 0.8
title:	Bug 727710	url:	https://bugzilla.novell.com/show_bug.cgi?id=727710	Trust: 0.8
title:	Bug 750631	url:	https://bugzilla.redhat.com/show_bug.cgi?id=750631	Trust: 0.8
title:	Net6 session hijacking vulnerability patch	url:	https://www.cnvd.org.cn/patchinfo/show/5747	Trust: 0.6
title:	net6-1.3.14	url:	http://123.124.177.30/web/xxk/bdxqbyid.tag?id=48216	Trust: 0.6
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2015	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=2a43c5799a7dd07d6c0a92a3b040d12f	Trust: 0.1

sources: CNVD: CNVD-2011-4619 // VULMON: CVE-2011-4093 // JVNDB: JVNDB-2011-005274 // CNNVD: CNNVD-201110-714

EXTERNAL IDS

db:	NVD	id:	CVE-2011-4093	Trust: 3.4
db:	OPENWALL	id:	OSS-SECURITY/2011/10/31/1	Trust: 1.7
db:	JVNDB	id:	JVNDB-2011-005274	Trust: 0.8
db:	CNVD	id:	CNVD-2011-4619	Trust: 0.6
db:	OPENWALL	id:	OSS-SECURITY/2011/10/30/3	Trust: 0.6
db:	CNNVD	id:	CNNVD-201110-714	Trust: 0.6
db:	SECUNIA	id:	46698	Trust: 0.4
db:	BID	id:	50442	Trust: 0.3
db:	SECUNIA	id:	46605	Trust: 0.2
db:	VULMON	id:	CVE-2011-4093	Trust: 0.1
db:	PACKETSTORM	id:	106452	Trust: 0.1
db:	SECUNIA	id:	47433	Trust: 0.1
db:	PACKETSTORM	id:	108403	Trust: 0.1
db:	SECUNIA	id:	46988	Trust: 0.1
db:	PACKETSTORM	id:	107292	Trust: 0.1
db:	PACKETSTORM	id:	106438	Trust: 0.1
db:	PACKETSTORM	id:	106445	Trust: 0.1

sources: CNVD: CNVD-2011-4619 // VULMON: CVE-2011-4093 // BID: 50442 // JVNDB: JVNDB-2011-005274 // PACKETSTORM: 106452 // PACKETSTORM: 108403 // PACKETSTORM: 107292 // PACKETSTORM: 106438 // PACKETSTORM: 106445 // NVD: CVE-2011-4093 // CNNVD: CNNVD-201110-714

REFERENCES

url:	http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html	Trust: 1.8
url:	http://www.openwall.com/lists/oss-security/2011/10/31/1	Trust: 1.7
url:	https://bugzilla.novell.com/show_bug.cgi?id=727710	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-updates/2012-01/msg00044.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-updates/2012-01/msg00054.html	Trust: 1.7
url:	https://bugzilla.redhat.com/show_bug.cgi?id=750631	Trust: 1.7
url:	http://git.0x539.de/?p=net6.git%3ba=commitdiff%3bh=ac61d7fb42a1f977fb527e024bede319c4a9e169%3bhp=08c8e2261604c6fcbbaf62f9ae9d13f7015fcb9a	Trust: 1.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4093	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4093	Trust: 0.8
url:	http://seclists.org/oss-sec/2011/q4/197	Trust: 0.6
url:	http://www.openwall.com/lists/oss-security/2011/10/30/3	Trust: 0.6
url:	http://secunia.com/vulnerability_intelligence/	Trust: 0.5
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.5
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.5
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.5
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.5
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.5
url:	http://git.0x539.de/?p=net6.git;a=commitdiff;h=ac61d7fb42a1f977fb527e024bede319c4a9e169;hp=08c8e2261604c6fcbbaf62f9ae9d13f7015fcb9a	Trust: 0.4
url:	http://git.0x539.de/?p=net6.git;a=commitdiff;h=84afca022f063f89bfcd4bb32b1ee911f555abf1;hp=ac61d7fb42a1f977fb527e024bede319c4a9e169	Trust: 0.3
url:	http://www.0x539.de/projects.html	Trust: 0.3
url:	http://secunia.com/products/corporate/vim/ovum_2011_request/	Trust: 0.3
url:	http://secunia.com/advisories/46698/	Trust: 0.2
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=46698	Trust: 0.2
url:	http://secunia.com/advisories/46698/#comments	Trust: 0.2
url:	http://secunia.com/company/jobs/	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/190.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://hermes.opensuse.org/messages/13155294	Trust: 0.1
url:	http://secunia.com/advisories/47433/	Trust: 0.1
url:	https://hermes.opensuse.org/messages/13154695	Trust: 0.1
url:	http://secunia.com/advisories/47433/#comments	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=47433	Trust: 0.1
url:	http://lists.fedoraproject.org/pipermail/package-announce/2011-november/069822.html	Trust: 0.1
url:	http://secunia.com/advisories/46988/#comments	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=46988	Trust: 0.1
url:	http://secunia.com/advisories/46988/	Trust: 0.1
url:	http://secunia.com/advisories/46605/	Trust: 0.1
url:	http://secunia.com/advisories/46605/#comments	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=46605	Trust: 0.1

CREDITS

Vasiliy Kulikov

Trust: 0.9

sources: BID: 50442 // CNNVD: CNNVD-201110-714

SOURCES

db:	CNVD	id:	CNVD-2011-4619
db:	VULMON	id:	CVE-2011-4093
db:	BID	id:	50442
db:	JVNDB	id:	JVNDB-2011-005274
db:	PACKETSTORM	id:	106452
db:	PACKETSTORM	id:	108403
db:	PACKETSTORM	id:	107292
db:	PACKETSTORM	id:	106438
db:	PACKETSTORM	id:	106445
db:	NVD	id:	CVE-2011-4093
db:	CNNVD	id:	CNNVD-201110-714

LAST UPDATE DATE

2023-12-18T12:58:03.127000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2011-4619	date:	2011-11-01T00:00:00
db:	VULMON	id:	CVE-2011-4093	date:	2018-10-30T00:00:00
db:	BID	id:	50442	date:	2015-04-13T21:17:00
db:	JVNDB	id:	JVNDB-2011-005274	date:	2014-02-12T00:00:00
db:	NVD	id:	CVE-2011-4093	date:	2023-02-13T01:21:18.430
db:	CNNVD	id:	CNNVD-201110-714	date:	2023-02-14T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2011-4619	date:	2011-11-01T00:00:00
db:	VULMON	id:	CVE-2011-4093	date:	2014-02-10T00:00:00
db:	BID	id:	50442	date:	2011-10-31T00:00:00
db:	JVNDB	id:	JVNDB-2011-005274	date:	2014-02-12T00:00:00
db:	PACKETSTORM	id:	106452	date:	2011-10-31T03:59:25
db:	PACKETSTORM	id:	108403	date:	2012-01-06T03:20:14
db:	PACKETSTORM	id:	107292	date:	2011-11-26T01:20:50
db:	PACKETSTORM	id:	106438	date:	2011-10-31T02:00:09
db:	PACKETSTORM	id:	106445	date:	2011-10-31T03:45:03
db:	NVD	id:	CVE-2011-4093	date:	2014-02-10T18:15:09.153
db:	CNNVD	id:	CNNVD-201110-714	date:	1900-01-01T00:00:00