Veracode Vulnerability DatabaseVERACODE:24646Information Disclosure
3.3 Low
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:A/AC:L/Au:N/C:P/I:N/A:N
kernel is vulnerable to information disclosure. A logic error in the orinoco_ioctl_set_auth() function in the Linux kernel’s ORiNOCO wireless extensions support implementation could render TKIP countermeasures ineffective when it is enabled, as it enabled the card instead of shutting it down, allowing remote attackers to obtain access to read Wi-Fi frames.
References
docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Technical_Notes/ape.html#RHSA-2011-0421
ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0a54917c3fc295cb61f3fb52373c173fd3b69f48
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0a54917c3fc295cb61f3fb52373c173fd3b69f48
www.openwall.com/lists/oss-security/2011/01/06/18
access.redhat.com/errata/RHSA-2011:0421
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=667907
github.com/torvalds/linux/commit/0a54917c3fc295cb61f3fb52373c173fd3b69f48
Related
3.3 Low
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:A/AC:L/Au:N/C:P/I:N/A:N