CVE-2011-3188

Common Vulnerabilities and Exposures

Upstream information

CVE-2011-3188 at MITRE

Description

The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets.

NVD CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Novell/SUSE information

Note from the SUSE Security Team

While a fix was released for SUSE Linux Enterprise 11 SP1 via the 2.6.32.stable tree, the SUSE kernel engineering team is currently not considering a backport for older SUSE Linux Enterprise versions for this problem.

Reasons are:

  • The patches are tricky to backport, and the risk of unintended and undiscovered breakage is high.
  • The currently used 24-bit-strong MD4 hashing still covers all but extreme scenarios, where a potential attacker must be within Gigabit Ethernet reach, in close proximity to the targeted machine. This is likely to remain the case during the SUSE Linux Enterprise 10 lifetime.
  • Current usage of cryptographic protocols will make this attack ineffective.
  • Non-local attackers will likely be caught by the network ingress filtering that is strongly recommended these days.

Novell Bugzilla entries: 713650, 737874

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SLE 11 SERVER Unsupported Extras
  • kernel-default-extra >= 2.6.32.49-0.3.1
  • kernel-xen-extra >= 2.6.32.49-0.3.1
Builds
SAT Patch Nr: 5495
SUSE Linux Enterprise High Availability Extension 11 SP1
  • cluster-network-kmp-default >= 1.4_2.6.32.49_0.3-2.5.18
  • cluster-network-kmp-ppc64 >= 1.4_2.6.32.49_0.3-2.5.18
  • cluster-network-kmp-trace >= 1.4_2.6.32.49_0.3-2.5.18
  • gfs2-kmp-default >= 2_2.6.32.49_0.3-0.2.65
  • gfs2-kmp-ppc64 >= 2_2.6.32.49_0.3-0.2.65
  • gfs2-kmp-trace >= 2_2.6.32.49_0.3-0.2.65
  • ocfs2-kmp-default >= 1.6_2.6.32.49_0.3-0.4.2.18
  • ocfs2-kmp-ppc64 >= 1.6_2.6.32.49_0.3-0.4.2.18
  • ocfs2-kmp-trace >= 1.6_2.6.32.49_0.3-0.4.2.18
sles11-sp1.ppc
sle11-sp1-hae.ppc
SAT Patch Nr: 5507
SUSE Linux Enterprise Server 11 SP1
  • btrfs-kmp-default >= 0_2.6.32.49_0.3-0.3.66
  • btrfs-kmp-trace >= 0_2.6.32.49_0.3-0.3.66
  • ext4dev-kmp-default >= 0_2.6.32.49_0.3-7.9.33
  • ext4dev-kmp-ppc64 >= 0_2.6.32.49_0.3-7.9.33
  • ext4dev-kmp-trace >= 0_2.6.32.49_0.3-7.9.33
  • kernel-default >= 2.6.32.49-0.3.1
  • kernel-default-base >= 2.6.32.49-0.3.1
  • kernel-default-devel >= 2.6.32.49-0.3.1
  • kernel-ppc64 >= 2.6.32.49-0.3.1
  • kernel-ppc64-base >= 2.6.32.49-0.3.1
  • kernel-ppc64-devel >= 2.6.32.49-0.3.1
  • kernel-source >= 2.6.32.49-0.3.1
  • kernel-syms >= 2.6.32.49-0.3.1
  • kernel-trace >= 2.6.32.49-0.3.1
  • kernel-trace-base >= 2.6.32.49-0.3.1
  • kernel-trace-devel >= 2.6.32.49-0.3.1
sles11-sp1.ppc
sle11-sp1-hae.ppc
SAT Patch Nr: 5507
SUSE Linux Enterprise High Availability Extension 11 SP1
  • cluster-network-kmp-default >= 1.4_2.6.32.49_0.3-2.5.18
  • cluster-network-kmp-trace >= 1.4_2.6.32.49_0.3-2.5.18
  • cluster-network-kmp-xen >= 1.4_2.6.32.49_0.3-2.5.18
  • gfs2-kmp-default >= 2_2.6.32.49_0.3-0.2.65
  • gfs2-kmp-trace >= 2_2.6.32.49_0.3-0.2.65
  • gfs2-kmp-xen >= 2_2.6.32.49_0.3-0.2.65
  • ocfs2-kmp-default >= 1.6_2.6.32.49_0.3-0.4.2.18
  • ocfs2-kmp-trace >= 1.6_2.6.32.49_0.3-0.4.2.18
  • ocfs2-kmp-xen >= 1.6_2.6.32.49_0.3-0.4.2.18
sle11-sp1-hae.x86-64
sles11-sp1.x86-64
sled11-sp1.x86-64
sles11-sp1-vmware.x86-64
SAT Patch Nr: 5511
SUSE Linux Enterprise Desktop 11 SP1
  • btrfs-kmp-default >= 0_2.6.32.49_0.3-0.3.66
  • btrfs-kmp-trace >= 0_2.6.32.49_0.3-0.3.66
  • btrfs-kmp-xen >= 0_2.6.32.49_0.3-0.3.66
  • hyper-v-kmp-default >= 0_2.6.32.49_0.3-0.14.17
  • hyper-v-kmp-default >= 0_2.6.32.49_0.3-0.18.1
  • hyper-v-kmp-trace >= 0_2.6.32.49_0.3-0.18.1
  • kernel-default >= 2.6.32.49-0.3.1
  • kernel-default-base >= 2.6.32.49-0.3.1
  • kernel-default-devel >= 2.6.32.49-0.3.1
  • kernel-default-extra >= 2.6.32.49-0.3.1
  • kernel-desktop-devel >= 2.6.32.49-0.3.1
  • kernel-source >= 2.6.32.49-0.3.1
  • kernel-syms >= 2.6.32.49-0.3.1
  • kernel-trace-devel >= 2.6.32.49-0.3.1
  • kernel-xen >= 2.6.32.49-0.3.1
  • kernel-xen-base >= 2.6.32.49-0.3.1
  • kernel-xen-devel >= 2.6.32.49-0.3.1
  • kernel-xen-extra >= 2.6.32.49-0.3.1
sle11-sp1-hae.x86-64
sles11-sp1.x86-64
sled11-sp1.x86-64
sles11-sp1-vmware.x86-64
SAT Patch Nr: 5511
SUSE Linux Enterprise Server 11 SP1 for VMware
  • btrfs-kmp-default >= 0_2.6.32.49_0.3-0.3.66
  • ext4dev-kmp-default >= 0_2.6.32.49_0.3-7.9.33
  • hyper-v-kmp-default >= 0_2.6.32.49_0.3-0.14.17
  • hyper-v-kmp-default >= 0_2.6.32.49_0.3-0.18.1
  • kernel-default >= 2.6.32.49-0.3.1
  • kernel-default-base >= 2.6.32.49-0.3.1
  • kernel-default-devel >= 2.6.32.49-0.3.1
  • kernel-source >= 2.6.32.49-0.3.1
  • kernel-syms >= 2.6.32.49-0.3.1
  • kernel-trace >= 2.6.32.49-0.3.1
  • kernel-trace-base >= 2.6.32.49-0.3.1
  • kernel-trace-devel >= 2.6.32.49-0.3.1
sle11-sp1-hae.x86-64
sles11-sp1.x86-64
sled11-sp1.x86-64
sles11-sp1-vmware.x86-64
SAT Patch Nr: 5511
SUSE Linux Enterprise Server 11 SP1
  • btrfs-kmp-default >= 0_2.6.32.49_0.3-0.3.66
  • btrfs-kmp-trace >= 0_2.6.32.49_0.3-0.3.66
  • btrfs-kmp-xen >= 0_2.6.32.49_0.3-0.3.66
  • ext4dev-kmp-default >= 0_2.6.32.49_0.3-7.9.33
  • ext4dev-kmp-trace >= 0_2.6.32.49_0.3-7.9.33
  • ext4dev-kmp-xen >= 0_2.6.32.49_0.3-7.9.33
  • hyper-v-kmp-default >= 0_2.6.32.49_0.3-0.14.17
  • hyper-v-kmp-default >= 0_2.6.32.49_0.3-0.18.1
  • hyper-v-kmp-trace >= 0_2.6.32.49_0.3-0.18.1
  • kernel-default >= 2.6.32.49-0.3.1
  • kernel-default-base >= 2.6.32.49-0.3.1
  • kernel-default-devel >= 2.6.32.49-0.3.1
  • kernel-ec2 >= 2.6.32.49-0.3.1
  • kernel-ec2-base >= 2.6.32.49-0.3.1
  • kernel-source >= 2.6.32.49-0.3.1
  • kernel-syms >= 2.6.32.49-0.3.1
  • kernel-trace >= 2.6.32.49-0.3.1
  • kernel-trace-base >= 2.6.32.49-0.3.1
  • kernel-trace-devel >= 2.6.32.49-0.3.1
  • kernel-xen >= 2.6.32.49-0.3.1
  • kernel-xen-base >= 2.6.32.49-0.3.1
  • kernel-xen-devel >= 2.6.32.49-0.3.1
sle11-sp1-hae.x86-64
sles11-sp1.x86-64
sled11-sp1.x86-64
sles11-sp1-vmware.x86-64
SAT Patch Nr: 5511
SLE 11 SERVER Unsupported Extras
  • kernel-default-extra >= 2.6.32.49-0.3.1
  • kernel-pae-extra >= 2.6.32.49-0.3.1
  • kernel-xen-extra >= 2.6.32.49-0.3.1
Builds
SAT Patch Nr: 5496
SUSE Linux Enterprise High Availability Extension 11 SP1
  • cluster-network-kmp-default >= 1.4_2.6.32.49_0.3-2.5.18
  • cluster-network-kmp-trace >= 1.4_2.6.32.49_0.3-2.5.18
  • gfs2-kmp-default >= 2_2.6.32.49_0.3-0.2.65
  • gfs2-kmp-trace >= 2_2.6.32.49_0.3-0.2.65
  • ocfs2-kmp-default >= 1.6_2.6.32.49_0.3-0.4.2.18
  • ocfs2-kmp-trace >= 1.6_2.6.32.49_0.3-0.4.2.18
sle11-sp1-hae.ia64
sles11-sp1.ia64
SAT Patch Nr: 5494
SUSE Linux Enterprise Server 11 SP1
  • btrfs-kmp-default >= 0_2.6.32.49_0.3-0.3.66
  • btrfs-kmp-trace >= 0_2.6.32.49_0.3-0.3.66
  • ext4dev-kmp-default >= 0_2.6.32.49_0.3-7.9.33
  • ext4dev-kmp-trace >= 0_2.6.32.49_0.3-7.9.33
  • kernel-default >= 2.6.32.49-0.3.1
  • kernel-default-base >= 2.6.32.49-0.3.1
  • kernel-default-devel >= 2.6.32.49-0.3.1
  • kernel-source >= 2.6.32.49-0.3.1
  • kernel-syms >= 2.6.32.49-0.3.1
  • kernel-trace >= 2.6.32.49-0.3.1
  • kernel-trace-base >= 2.6.32.49-0.3.1
  • kernel-trace-devel >= 2.6.32.49-0.3.1
sle11-sp1-hae.ia64
sles11-sp1.ia64
SAT Patch Nr: 5494
SLE 11 SERVER Unsupported Extras
  • kernel-default-extra >= 2.6.32.49-0.3.1
  • kernel-ppc64-extra >= 2.6.32.49-0.3.1
Builds
SAT Patch Nr: 5497
SUSE Linux Enterprise High Availability Extension 11 SP1
  • cluster-network-kmp-default >= 1.4_2.6.32.49_0.3-2.5.18
  • cluster-network-kmp-pae >= 1.4_2.6.32.49_0.3-2.5.18
  • cluster-network-kmp-trace >= 1.4_2.6.32.49_0.3-2.5.18
  • cluster-network-kmp-xen >= 1.4_2.6.32.49_0.3-2.5.18
  • gfs2-kmp-default >= 2_2.6.32.49_0.3-0.2.65
  • gfs2-kmp-pae >= 2_2.6.32.49_0.3-0.2.65
  • gfs2-kmp-trace >= 2_2.6.32.49_0.3-0.2.65
  • gfs2-kmp-xen >= 2_2.6.32.49_0.3-0.2.65
  • ocfs2-kmp-default >= 1.6_2.6.32.49_0.3-0.4.2.18
  • ocfs2-kmp-pae >= 1.6_2.6.32.49_0.3-0.4.2.18
  • ocfs2-kmp-trace >= 1.6_2.6.32.49_0.3-0.4.2.18
  • ocfs2-kmp-xen >= 1.6_2.6.32.49_0.3-0.4.2.18
sles11-sp1-vmware.x86
sle11-sp1-hae.x86
sles11-sp1.x86
sled11-sp1.x86
SAT Patch Nr: 5510
SUSE Linux Enterprise Desktop 11 SP1
  • btrfs-kmp-default >= 0_2.6.32.49_0.3-0.3.66
  • btrfs-kmp-pae >= 0_2.6.32.49_0.3-0.3.66
  • btrfs-kmp-trace >= 0_2.6.32.49_0.3-0.3.66
  • btrfs-kmp-xen >= 0_2.6.32.49_0.3-0.3.66
  • hyper-v-kmp-default >= 0_2.6.32.49_0.3-0.14.17
  • hyper-v-kmp-default >= 0_2.6.32.49_0.3-0.18.1
  • hyper-v-kmp-pae >= 0_2.6.32.49_0.3-0.14.17
  • hyper-v-kmp-pae >= 0_2.6.32.49_0.3-0.18.1
  • hyper-v-kmp-trace >= 0_2.6.32.49_0.3-0.18.1
  • kernel-default >= 2.6.32.49-0.3.1
  • kernel-default-base >= 2.6.32.49-0.3.1
  • kernel-default-devel >= 2.6.32.49-0.3.1
  • kernel-default-extra >= 2.6.32.49-0.3.1
  • kernel-desktop-devel >= 2.6.32.49-0.3.1
  • kernel-pae >= 2.6.32.49-0.3.1
  • kernel-pae-base >= 2.6.32.49-0.3.1
  • kernel-pae-devel >= 2.6.32.49-0.3.1
  • kernel-pae-extra >= 2.6.32.49-0.3.1
  • kernel-source >= 2.6.32.49-0.3.1
  • kernel-syms >= 2.6.32.49-0.3.1
  • kernel-trace-devel >= 2.6.32.49-0.3.1
  • kernel-xen >= 2.6.32.49-0.3.1
  • kernel-xen-base >= 2.6.32.49-0.3.1
  • kernel-xen-devel >= 2.6.32.49-0.3.1
  • kernel-xen-extra >= 2.6.32.49-0.3.1
sles11-sp1-vmware.x86
sle11-sp1-hae.x86
sles11-sp1.x86
sled11-sp1.x86
SAT Patch Nr: 5510
SUSE Linux Enterprise Server 11 SP1 for VMware
  • btrfs-kmp-default >= 0_2.6.32.49_0.3-0.3.66
  • btrfs-kmp-pae >= 0_2.6.32.49_0.3-0.3.66
  • ext4dev-kmp-default >= 0_2.6.32.49_0.3-7.9.33
  • ext4dev-kmp-pae >= 0_2.6.32.49_0.3-7.9.33
  • hyper-v-kmp-default >= 0_2.6.32.49_0.3-0.14.17
  • hyper-v-kmp-default >= 0_2.6.32.49_0.3-0.18.1
  • hyper-v-kmp-pae >= 0_2.6.32.49_0.3-0.14.17
  • hyper-v-kmp-pae >= 0_2.6.32.49_0.3-0.18.1
  • kernel-default >= 2.6.32.49-0.3.1
  • kernel-default-base >= 2.6.32.49-0.3.1
  • kernel-default-devel >= 2.6.32.49-0.3.1
  • kernel-pae >= 2.6.32.49-0.3.1
  • kernel-pae-base >= 2.6.32.49-0.3.1
  • kernel-pae-devel >= 2.6.32.49-0.3.1
  • kernel-source >= 2.6.32.49-0.3.1
  • kernel-syms >= 2.6.32.49-0.3.1
  • kernel-trace >= 2.6.32.49-0.3.1
  • kernel-trace-base >= 2.6.32.49-0.3.1
  • kernel-trace-devel >= 2.6.32.49-0.3.1
sles11-sp1-vmware.x86
sle11-sp1-hae.x86
sles11-sp1.x86
sled11-sp1.x86
SAT Patch Nr: 5510
SUSE Linux Enterprise Server 11 SP1
  • btrfs-kmp-default >= 0_2.6.32.49_0.3-0.3.66
  • btrfs-kmp-pae >= 0_2.6.32.49_0.3-0.3.66
  • btrfs-kmp-trace >= 0_2.6.32.49_0.3-0.3.66
  • btrfs-kmp-xen >= 0_2.6.32.49_0.3-0.3.66
  • ext4dev-kmp-default >= 0_2.6.32.49_0.3-7.9.33
  • ext4dev-kmp-pae >= 0_2.6.32.49_0.3-7.9.33
  • ext4dev-kmp-trace >= 0_2.6.32.49_0.3-7.9.33
  • ext4dev-kmp-xen >= 0_2.6.32.49_0.3-7.9.33
  • hyper-v-kmp-default >= 0_2.6.32.49_0.3-0.14.17
  • hyper-v-kmp-default >= 0_2.6.32.49_0.3-0.18.1
  • hyper-v-kmp-pae >= 0_2.6.32.49_0.3-0.14.17
  • hyper-v-kmp-pae >= 0_2.6.32.49_0.3-0.18.1
  • hyper-v-kmp-trace >= 0_2.6.32.49_0.3-0.18.1
  • kernel-default >= 2.6.32.49-0.3.1
  • kernel-default-base >= 2.6.32.49-0.3.1
  • kernel-default-devel >= 2.6.32.49-0.3.1
  • kernel-ec2 >= 2.6.32.49-0.3.1
  • kernel-ec2-base >= 2.6.32.49-0.3.1
  • kernel-pae >= 2.6.32.49-0.3.1
  • kernel-pae-base >= 2.6.32.49-0.3.1
  • kernel-pae-devel >= 2.6.32.49-0.3.1
  • kernel-source >= 2.6.32.49-0.3.1
  • kernel-syms >= 2.6.32.49-0.3.1
  • kernel-trace >= 2.6.32.49-0.3.1
  • kernel-trace-base >= 2.6.32.49-0.3.1
  • kernel-trace-devel >= 2.6.32.49-0.3.1
  • kernel-xen >= 2.6.32.49-0.3.1
  • kernel-xen-base >= 2.6.32.49-0.3.1
  • kernel-xen-devel >= 2.6.32.49-0.3.1
sles11-sp1-vmware.x86
sle11-sp1-hae.x86
sles11-sp1.x86
sled11-sp1.x86
SAT Patch Nr: 5510
SUSE Linux Enterprise High Availability Extension 11 SP1
  • drbd-kmp-trace >= 8.3.11_2.6.32.49_0.3-0.3.18
sle11-sp1-hae.ppc
sle11-sp1-hae.ia64
sles11-sp1.ppc
sles11-sp1.s390x
sles11-sp1.x86-64
sle11-sp1-hae.s390x
sle11-sp1-hae.x86
sles11-sp1.ia64
sles11-sp1.x86
sle11-sp1-hae.x86-64
SAT Patch Nr: 5509
SUSE Linux Enterprise Server 11 SP1
  • brocade-bna-kmp-trace >= 2.1.0.0_2.6.32.49_0.3-0.2.31
  • iscsitarget-kmp-trace >= 1.4.19_2.6.32.49_0.3-0.7.60
  • ofed-kmp-trace >= 1.5.2_2.6.32.49_0.3-0.9.13.5
  • oracleasm-kmp-trace >= 2.0.5_2.6.32.49_0.3-7.17.36
  • xen-kmp-trace >= 4.0.2_21511_04_2.6.32.49_0.3-0.5.10
sle11-sp1-hae.ppc
sle11-sp1-hae.ia64
sles11-sp1.ppc
sles11-sp1.s390x
sles11-sp1.x86-64
sle11-sp1-hae.s390x
sle11-sp1-hae.x86
sles11-sp1.ia64
sles11-sp1.x86
sle11-sp1-hae.x86-64
SAT Patch Nr: 5509
SUSE Linux Enterprise Server 11 SP1
  • iscsitarget-kmp-trace >= 1.4.19_2.6.32.49_0.3-0.7.60
  • ofed-kmp-trace >= 1.5.2_2.6.32.49_0.3-0.9.13.5
  • oracleasm-kmp-trace >= 2.0.5_2.6.32.49_0.3-7.17.36
sle11-sp1-hae.ppc
sle11-sp1-hae.ia64
sles11-sp1.ppc
sles11-sp1.s390x
sles11-sp1.x86-64
sle11-sp1-hae.s390x
sle11-sp1-hae.x86
sles11-sp1.ia64
sles11-sp1.x86
sle11-sp1-hae.x86-64
SAT Patch Nr: 5509
SUSE Linux Enterprise Server 11 SP1
  • iscsitarget-kmp-trace >= 1.4.19_2.6.32.49_0.3-0.7.60
  • oracleasm-kmp-trace >= 2.0.5_2.6.32.49_0.3-7.17.36
sle11-sp1-hae.ppc
sle11-sp1-hae.ia64
sles11-sp1.ppc
sles11-sp1.s390x
sles11-sp1.x86-64
sle11-sp1-hae.s390x
sle11-sp1-hae.x86
sles11-sp1.ia64
sles11-sp1.x86
sle11-sp1-hae.x86-64
SAT Patch Nr: 5509
SLE 11 SERVER Unsupported Extras
  • kernel-default-extra >= 2.6.32.49-0.3.1
Builds
SAT Patch Nr: 5503
SLE 11 SERVER Unsupported Extras
  • kernel-default-extra >= 2.6.32.49-0.3.1
Builds
SAT Patch Nr: 5502
SUSE Linux Enterprise High Availability Extension 11 SP1
  • cluster-network-kmp-default >= 1.4_2.6.32.49_0.3-2.5.18
  • cluster-network-kmp-trace >= 1.4_2.6.32.49_0.3-2.5.18
  • gfs2-kmp-default >= 2_2.6.32.49_0.3-0.2.65
  • gfs2-kmp-trace >= 2_2.6.32.49_0.3-0.2.65
  • ocfs2-kmp-default >= 1.6_2.6.32.49_0.3-0.4.2.18
  • ocfs2-kmp-trace >= 1.6_2.6.32.49_0.3-0.4.2.18
sles11-sp1.s390x
sle11-sp1-hae.s390x
SAT Patch Nr: 5493
SUSE Linux Enterprise Server 11 SP1
  • btrfs-kmp-default >= 0_2.6.32.49_0.3-0.3.66
  • btrfs-kmp-trace >= 0_2.6.32.49_0.3-0.3.66
  • ext4dev-kmp-default >= 0_2.6.32.49_0.3-7.9.33
  • ext4dev-kmp-trace >= 0_2.6.32.49_0.3-7.9.33
  • kernel-default >= 2.6.32.49-0.3.1
  • kernel-default-base >= 2.6.32.49-0.3.1
  • kernel-default-devel >= 2.6.32.49-0.3.1
  • kernel-default-man >= 2.6.32.49-0.3.1
  • kernel-source >= 2.6.32.49-0.3.1
  • kernel-syms >= 2.6.32.49-0.3.1
  • kernel-trace >= 2.6.32.49-0.3.1
  • kernel-trace-base >= 2.6.32.49-0.3.1
  • kernel-trace-devel >= 2.6.32.49-0.3.1
sles11-sp1.s390x
sle11-sp1-hae.s390x
SAT Patch Nr: 5493

© 2014 Novell