Lucene search

[email protected]CVE-2011-1079

HistoryJun 21, 2012 - 11:55 p.m.

CVE-2011-1079

2012-06-2123:55:02

CWE-20

[email protected]

web.nvd.nist.gov

linux kernel

bnep_sock_ioctl

cve-2011-1079

security vulnerability

denial of service

nvd

CVSS2

5.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:P/I:N/A:C

AI Score

6.5

Confidence

Low

EPSS

Percentile

5.1%

JSON

The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a ‘\0’ character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service (BUG and system crash), via a BNEPCONNADD command.

Affected configurations

NVD

Node

linuxlinux_kernelRange≤2.6.38.8

linuxlinux_kernelMatch2.6.38

linuxlinux_kernelMatch2.6.38rc1

linuxlinux_kernelMatch2.6.38rc2

linuxlinux_kernelMatch2.6.38rc3

linuxlinux_kernelMatch2.6.38rc4

linuxlinux_kernelMatch2.6.38rc5

linuxlinux_kernelMatch2.6.38rc6

linuxlinux_kernelMatch2.6.38rc7

linuxlinux_kernelMatch2.6.38rc8

linuxlinux_kernelMatch2.6.38.1

linuxlinux_kernelMatch2.6.38.2

linuxlinux_kernelMatch2.6.38.3

linuxlinux_kernelMatch2.6.38.4

linuxlinux_kernelMatch2.6.38.5

linuxlinux_kernelMatch2.6.38.6

linuxlinux_kernelMatch2.6.38.7

VendorProductVersionCPE
linuxlinux_kernel2.6.38cpe:/o:linux:linux_kernel:2.6.38:rc4::
linuxlinux_kernel2.6.38.4cpe:/o:linux:linux_kernel:2.6.38.4:::
linuxlinux_kernel2.6.38.1cpe:/o:linux:linux_kernel:2.6.38.1:::
linuxlinux_kernel2.6.38cpe:/o:linux:linux_kernel:2.6.38:rc5::
linuxlinux_kernel2.6.38cpe:/o:linux:linux_kernel:2.6.38:rc7::
linuxlinux_kernelcpe:/o:linux:linux_kernel::::
linuxlinux_kernel2.6.38cpe:/o:linux:linux_kernel:2.6.38:rc2::
linuxlinux_kernel2.6.38.2cpe:/o:linux:linux_kernel:2.6.38.2:::
linuxlinux_kernel2.6.38.7cpe:/o:linux:linux_kernel:2.6.38.7:::
linuxlinux_kernel2.6.38cpe:/o:linux:linux_kernel:2.6.38:rc1::

Vendor	Product	Version	CPE
linux	linux_kernel	2.6.38	cpe:/o:linux:linux_kernel:2.6.38:rc4::
linux	linux_kernel	2.6.38.4	cpe:/o:linux:linux_kernel:2.6.38.4:::
linux	linux_kernel	2.6.38.1	cpe:/o:linux:linux_kernel:2.6.38.1:::
linux	linux_kernel	2.6.38	cpe:/o:linux:linux_kernel:2.6.38:rc5::
linux	linux_kernel	2.6.38	cpe:/o:linux:linux_kernel:2.6.38:rc7::
linux	linux_kernel		cpe:/o:linux:linux_kernel::::
linux	linux_kernel	2.6.38	cpe:/o:linux:linux_kernel:2.6.38:rc2::
linux	linux_kernel	2.6.38.2	cpe:/o:linux:linux_kernel:2.6.38.2:::
linux	linux_kernel	2.6.38.7	cpe:/o:linux:linux_kernel:2.6.38.7:::
linux	linux_kernel	2.6.38	cpe:/o:linux:linux_kernel:2.6.38:rc1::