CVE-2016-5011
First published: Tue Apr 11 2017(Updated: )
The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Util-linux | <=2.28 | |
| Red Hat Enterprise Linux Desktop | =7.0 | |
| Red Hat Enterprise Linux Server EUS | =7.3 | |
| Red Hat Enterprise Linux Server EUS | =7.4 | |
| Red Hat Enterprise Linux Server EUS | =7.5 | |
| Red Hat Enterprise Linux Server EUS | =7.6 | |
| Red Hat Enterprise Linux Server EUS | =7.7 | |
| Red Hat Enterprise Linux Server | =7.0 | |
| Red Hat Enterprise Linux Server | =7.3 | |
| Red Hat Enterprise Linux Server | =7.4 | |
| Red Hat Enterprise Linux Server | =7.6 | |
| Red Hat Enterprise Linux Server | =7.7 | |
| Red Hat Enterprise Linux Server | =7.3 | |
| Red Hat Enterprise Linux Server | =7.6 | |
| Red Hat Enterprise Linux Server | =7.7 | |
| Red Hat Enterprise Linux Workstation | =7.0 | |
| IBM PowerKVM | =2.1 | |
| IBM PowerKVM | =3.1 | |
| IBM Power Hardware Management Console Firmware | =8.8.6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://rhn.redhat.com/errata/RHSA-2016-2605.html
- http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801
- http://www.openwall.com/lists/oss-security/2016/07/11/2
- http://www.securityfocus.com/bid/91683
- http://www.securitytracker.com/id/1036272
- https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3
Frequently Asked Questions
What is the severity of CVE-2016-5011?
CVE-2016-5011 has been assigned a medium severity rating due to its potential for causing denial of service through memory consumption.
How do I fix CVE-2016-5011?
To fix CVE-2016-5011, update the libblkid library in util-linux to a version greater than 2.28 or apply any appropriate patches from your distribution vendor.
Who is affected by CVE-2016-5011?
CVE-2016-5011 affects systems running versions of util-linux up to 2.28, and certain versions of Red Hat Enterprise Linux and IBM PowerKVM.
What type of vulnerability is CVE-2016-5011?
CVE-2016-5011 is a denial of service vulnerability caused by improper handling of crafted MSDOS partition tables.
Can CVE-2016-5011 be exploited remotely?
CVE-2016-5011 requires local access to exploit, as it involves physically proximate attackers manipulating partition tables.
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/references
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/kernel
- canonical/util-linux
- version/util-linux/2.28
- vendor/redhat
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/7.0
- canonical/red hat enterprise linux server eus
- version/red hat enterprise linux server eus/7.3
- version/red hat enterprise linux server eus/7.4
- version/red hat enterprise linux server eus/7.5
- version/red hat enterprise linux server eus/7.6
- version/red hat enterprise linux server eus/7.7
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/7.0
- version/red hat enterprise linux server/7.3
- version/red hat enterprise linux server/7.4
- version/red hat enterprise linux server/7.6
- version/red hat enterprise linux server/7.7
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/7.0
- vendor/ibm
- canonical/ibm powerkvm
- version/ibm powerkvm/2.1
- version/ibm powerkvm/3.1
- canonical/ibm power hardware management console firmware
- version/ibm power hardware management console firmware/8.8.6.0