CVE-2011-1079 (retired)

Priority
Description
The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux
kernel before 2.6.39 does not ensure that a certain device field ends with
a '\0' character, which allows local users to obtain potentially sensitive
information from kernel stack memory, or cause a denial of service (BUG and
system crash), via a BNEPCONNADD command.
Ubuntu-Description
Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check
that device name strings were NULL terminated. A local attacker could
exploit this to crash the system, leading to a denial of service, or leak
contents of kernel stack memory, leading to a loss of privacy.
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (2.6.39~rc1)
Patches:
Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2Fixed by 43629f8f5ea32a998d06d1bb41eefa0e821ff573
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
More Information

Updated: 2019-08-23 08:42:50 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)