Lucene search

[email protected]CVE-2011-3345

HistorySep 19, 2011 - 12:02 p.m.

CVE-2011-3345

2011-09-1912:02:57

CWE-119

[email protected]

web.nvd.nist.gov

cve-2011-3345

ulp/sdp/sdp_proc.c

ib_sdp module

ofa_kernel package

infiniband driver

openfabrics enterprise distribution

ofed

denial of service

stack memory corruption

system crash

/proc/net/sdpstats

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

ulp/sdp/sdp_proc.c in the ib_sdp module (aka ib_sdp.ko) in the ofa_kernel package in the InfiniBand driver implementation in OpenFabrics Enterprise Distribution (OFED) before 1.5.3 does not properly handle certain non-array variables, which allows local users to cause a denial of service (stack memory corruption and system crash) by reading the /proc/net/sdpstats file.

Affected configurations

NVD

Node

openfabricsenterprise_distributionRange≤1.5.2

openfabricsenterprise_distributionMatch1.1

openfabricsenterprise_distributionMatch1.2.5

openfabricsenterprise_distributionMatch1.3

openfabricsenterprise_distributionMatch1.3.1

openfabricsenterprise_distributionMatch1.3.2

openfabricsenterprise_distributionMatch1.4

openfabricsenterprise_distributionMatch1.4.1

openfabricsenterprise_distributionMatch1.4.2

openfabricsenterprise_distributionMatch1.5

openfabricsenterprise_distributionMatch1.5.1

CPENameOperatorVersion
openfabrics:enterprise_distributionopenfabrics enterprise distributionle1.5.2
openfabrics:enterprise_distributionopenfabrics enterprise distributioneq1.1
openfabrics:enterprise_distributionopenfabrics enterprise distributioneq1.2.5
openfabrics:enterprise_distributionopenfabrics enterprise distributioneq1.3
openfabrics:enterprise_distributionopenfabrics enterprise distributioneq1.3.1
openfabrics:enterprise_distributionopenfabrics enterprise distributioneq1.3.2
openfabrics:enterprise_distributionopenfabrics enterprise distributioneq1.4
openfabrics:enterprise_distributionopenfabrics enterprise distributioneq1.4.1
openfabrics:enterprise_distributionopenfabrics enterprise distributioneq1.4.2
openfabrics:enterprise_distributionopenfabrics enterprise distributioneq1.5

CPE	Name	Operator	Version
openfabrics:enterprise_distribution	openfabrics enterprise distribution	le	1.5.2
openfabrics:enterprise_distribution	openfabrics enterprise distribution	eq	1.1
openfabrics:enterprise_distribution	openfabrics enterprise distribution	eq	1.2.5
openfabrics:enterprise_distribution	openfabrics enterprise distribution	eq	1.3
openfabrics:enterprise_distribution	openfabrics enterprise distribution	eq	1.3.1
openfabrics:enterprise_distribution	openfabrics enterprise distribution	eq	1.3.2
openfabrics:enterprise_distribution	openfabrics enterprise distribution	eq	1.4
openfabrics:enterprise_distribution	openfabrics enterprise distribution	eq	1.4.1
openfabrics:enterprise_distribution	openfabrics enterprise distribution	eq	1.4.2
openfabrics:enterprise_distribution	openfabrics enterprise distribution	eq	1.5

Rows per page:

1-10 of 111

References

git.openfabrics.org/git?p=ofed_1_5/linux-2.6.git%3Ba=commit%3Bh=04bb801a31825d1559c4670253e1bea1291a1af8

secunia.com/advisories/45861

www.openwall.com/lists/oss-security/2011/09/06/3

www.openwall.com/lists/oss-security/2011/09/07/1

www.openwall.com/lists/oss-security/2011/09/07/3

www.securityfocus.com/bid/49486

exchange.xforce.ibmcloud.com/vulnerabilities/69631

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2011-3345

ubuntucve1 redhatcve1 prion1 cvelist1 nvd1