Lucene search

K
cve[email protected]CVE-2011-1079
HistoryJun 21, 2012 - 11:55 p.m.

CVE-2011-1079

2012-06-2123:55:02
CWE-20
web.nvd.nist.gov
71
3
linux kernel
bnep_sock_ioctl
cve-2011-1079
security vulnerability
denial of service
nvd

5.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:P/I:N/A:C

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a ‘\0’ character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service (BUG and system crash), via a BNEPCONNADD command.

Affected configurations

NVD
Node
linuxlinux_kernelRange2.6.38.8
OR
linuxlinux_kernelMatch2.6.38
OR
linuxlinux_kernelMatch2.6.38rc1
OR
linuxlinux_kernelMatch2.6.38rc2
OR
linuxlinux_kernelMatch2.6.38rc3
OR
linuxlinux_kernelMatch2.6.38rc4
OR
linuxlinux_kernelMatch2.6.38rc5
OR
linuxlinux_kernelMatch2.6.38rc6
OR
linuxlinux_kernelMatch2.6.38rc7
OR
linuxlinux_kernelMatch2.6.38rc8
OR
linuxlinux_kernelMatch2.6.38.1
OR
linuxlinux_kernelMatch2.6.38.2
OR
linuxlinux_kernelMatch2.6.38.3
OR
linuxlinux_kernelMatch2.6.38.4
OR
linuxlinux_kernelMatch2.6.38.5
OR
linuxlinux_kernelMatch2.6.38.6
OR
linuxlinux_kernelMatch2.6.38.7

Social References

More

5.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:P/I:N/A:C

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%