CVE-2011-3347

Published: 21 October 2011

A certain Red Hat patch to the be2net implementation in the kernel package before 2.6.32-218.el6 on Red Hat Enterprise Linux (RHEL) 6, when promiscuous mode is enabled, allows remote attackers to cause a denial of service (system crash) via non-member VLAN packets.

From the Ubuntu security team

Somnath Kotur discovered an error in the Linux kernel's VLAN (virtual lan) and be2net drivers. An attacker on the local network could exploit this flaw to cause a denial of service.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream
Released (3.2~rc1)
Patches:
Vendor: https://rhn.redhat.com/errata/RHSA-2011-1386.html
Introduced by 1da87b7fafebb7874622602f79a5fec0425aede7
Fixed by ecd0bf0f7b280bac3ac7419ed3aac84cd92878e9
Introduced by 1da87b7fafebb7874622602f79a5fec0425aede7
Fixed by 4c5102f94c175d81790a3a288e85efd4a8a1649a
Introduced by 1da87b7fafebb7874622602f79a5fec0425aede7
Fixed by c0e64ef4899df4cedc872871e54e2c069d29e519
linux-armadaxp
Launchpad, Ubuntu, Debian
Upstream
Released (3.2~rc1)
linux-aws
Launchpad, Ubuntu, Debian
Upstream
Released (3.2~rc1)
linux-ec2
Launchpad, Ubuntu, Debian
Upstream
Released (3.2~rc1)
linux-flo
Launchpad, Ubuntu, Debian
Upstream
Released (3.2~rc1)
linux-fsl-imx51
Launchpad, Ubuntu, Debian
Upstream
Released (3.2~rc1)
linux-gke
Launchpad, Ubuntu, Debian
Upstream
Released (3.2~rc1)
linux-goldfish
Launchpad, Ubuntu, Debian
Upstream
Released (3.2~rc1)
linux-grouper
Launchpad, Ubuntu, Debian
Upstream
Released (3.2~rc1)
linux-hwe
Launchpad, Ubuntu, Debian
Upstream
Released (3.2~rc1)
linux-hwe-edge
Launchpad, Ubuntu, Debian
Upstream
Released (3.2~rc1)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian
Upstream
Released (3.2~rc1)
linux-lts-backport-natty
Launchpad, Ubuntu, Debian
Upstream
Released (3.2~rc1)
linux-lts-backport-oneiric
Launchpad, Ubuntu, Debian
Upstream
Released (3.2~rc1)
linux-lts-quantal
Launchpad, Ubuntu, Debian
Upstream
Released (3.2~rc1)
linux-lts-raring
Launchpad, Ubuntu, Debian
Upstream
Released (3.2~rc1)
linux-lts-trusty
Launchpad, Ubuntu, Debian
Upstream
Released (3.2~rc1)
linux-lts-utopic
Launchpad, Ubuntu, Debian
Upstream
Released (3.2~rc1)
linux-lts-vivid
Launchpad, Ubuntu, Debian
Upstream
Released (3.2~rc1)
linux-lts-wily
Launchpad, Ubuntu, Debian
Upstream
Released (3.2~rc1)
linux-lts-xenial
Launchpad, Ubuntu, Debian
Upstream
Released (3.2~rc1)
linux-maguro
Launchpad, Ubuntu, Debian
Upstream
Released (3.2~rc1)
linux-mako
Launchpad, Ubuntu, Debian
Upstream
Released (3.2~rc1)
linux-manta
Launchpad, Ubuntu, Debian
Upstream
Released (3.2~rc1)
linux-mvl-dove
Launchpad, Ubuntu, Debian
Upstream
Released (3.2~rc1)
linux-raspi2
Launchpad, Ubuntu, Debian
Upstream
Released (3.2~rc1)
linux-snapdragon
Launchpad, Ubuntu, Debian
Upstream
Released (3.2~rc1)
linux-ti-omap4
Launchpad, Ubuntu, Debian
Upstream
Released (3.2~rc1)

Notes

AuthorNote
apw
https://bugzilla.redhat.com/show_bug.cgi?id=748691
looks to be 4 commits to fix:
ecd0bf0f7b280bac3ac7419ed3aac84cd92878e9
4c5102f94c175d81790a3a288e85efd4a8a1649a
c0e64ef4899df4cedc872871e54e2c069d29e519
343e43c02850a3abcd22bd144e5bdbc92fdd273c
issue looks to be exposed by:
1da87b7fafebb7874622602f79a5fec0425aede7.
the last of these commits is a change to the use of unlikely and therefore
not really part of the fix, therefore dropping:
343e43c02850a3abcd22bd144e5bdbc92fdd273c

References

Bugs