CVE-2011-1079

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2011-1079
The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service (BUG and system crash), via a BNEPCONNADD command.

5.4 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:P/I:N/A:C

Exploitability : 3.4 / Impact : 7.8

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact COMPLETE

References
Link Resource
http://downloads.avaya.com/css/P8/documents/100145416
http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=43629f8f5ea32a998d06d1bb41eefa0e821ff573
http://packetstormsecurity.com/files/153799/Kernel-Live-Patch-Security-Notice-LSN-0053-1.html
http://rhn.redhat.com/errata/RHSA-2011-0833.html
http://www.openwall.com/lists/oss-security/2011/03/01/10
https://bugzilla.redhat.com/show_bug.cgi?id=681260
https://github.com/torvalds/linux/commit/43629f8f5ea32a998d06d1bb41eefa0e821ff573 Patch
http://downloads.avaya.com/css/P8/documents/100145416
http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=43629f8f5ea32a998d06d1bb41eefa0e821ff573
http://packetstormsecurity.com/files/153799/Kernel-Live-Patch-Security-Notice-LSN-0053-1.html
http://rhn.redhat.com/errata/RHSA-2011-0833.html
http://www.openwall.com/lists/oss-security/2011/03/01/10
https://bugzilla.redhat.com/show_bug.cgi?id=681260
https://github.com/torvalds/linux/commit/43629f8f5ea32a998d06d1bb41eefa0e821ff573 Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.38:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.38:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.38:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.38:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.38:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.38:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.38:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.38:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.38:rc8:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.38.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.38.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.38.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.38.4:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.38.5:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.38.6:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.38.7:*:*:*:*:*:*:*
History

21 Nov 2024, 01:25

Type Values Removed Values Added
References () http://downloads.avaya.com/css/P8/documents/100145416 - () http://downloads.avaya.com/css/P8/documents/100145416 -
References () http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 - () http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 -
References () http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=43629f8f5ea32a998d06d1bb41eefa0e821ff573 - () http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=43629f8f5ea32a998d06d1bb41eefa0e821ff573 -
References () http://packetstormsecurity.com/files/153799/Kernel-Live-Patch-Security-Notice-LSN-0053-1.html - () http://packetstormsecurity.com/files/153799/Kernel-Live-Patch-Security-Notice-LSN-0053-1.html -
References () http://rhn.redhat.com/errata/RHSA-2011-0833.html - () http://rhn.redhat.com/errata/RHSA-2011-0833.html -
References () http://www.openwall.com/lists/oss-security/2011/03/01/10 - () http://www.openwall.com/lists/oss-security/2011/03/01/10 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=681260 - () https://bugzilla.redhat.com/show_bug.cgi?id=681260 -
References () https://github.com/torvalds/linux/commit/43629f8f5ea32a998d06d1bb41eefa0e821ff573 - Patch () https://github.com/torvalds/linux/commit/43629f8f5ea32a998d06d1bb41eefa0e821ff573 - Patch
Information

Published : 2012-06-21 23:55

Updated : 2024-11-21 01:25

NVD link : CVE-2011-1079

Mitre link : CVE-2011-1079

CVE.ORG link : CVE-2011-1079

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-20

Improper Input Validation


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024