PT-2011-1044 · Debian+2

Eugene Teo · Published 2011-03-02 · Updated 2023-02-13 · CVE-2011-2189

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

Linux kernel version 2.6.32 and earlier

Description

The issue is related to the handling of network namespaces in the Linux kernel. The kernel does not properly handle a high rate of creation and cleanup of these namespaces, which can lead to a denial of service due to memory consumption. This can be exploited by remote attackers through requests to a daemon that requires a separate namespace per connection. An example of such a daemon is vsftpd. Additionally, there are multiple vulnerabilities in the vsftpd package in Debian GNU/Linux that can lead to disruption of protected information, and these can be exploited remotely.

Recommendations

For Linux kernel version 2.6.32 and earlier, consider upgrading to a newer version to mitigate the risk of denial of service attacks. As a temporary workaround, consider restricting access to daemons that require a separate namespace per connection, such as vsftpd, to minimize the risk of exploitation.

Exploit

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2015-02948
CVE-2011-2189

Affected Products

Debian
Linux Kernel
Vsftpd