Lucene search

K
ubuntucveUbuntu.comUB:CVE-2011-1079
HistoryJul 25, 2011 - 12:00 a.m.

CVE-2011-1079

2011-07-2500:00:00
ubuntu.com
ubuntu.com
22

5.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:P/I:N/A:C

0.0004 Low

EPSS

Percentile

5.1%

The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux
kernel before 2.6.39 does not ensure that a certain device field ends with
a ‘\0’ character, which allows local users to obtain potentially sensitive
information from kernel stack memory, or cause a denial of service (BUG and
system crash), via a BNEPCONNADD command.

Bugs

5.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:P/I:N/A:C

0.0004 Low

EPSS

Percentile

5.1%