CVE-2011-1180

Published: 25 July 2011

Multiple stack-based buffer overflows in the iriap_getvaluebyclass_indication function in net/irda/iriap.c in the Linux kernel before 2.6.39 allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging connectivity to an IrDA infrared network and sending a large integer value for a (1) name length or (2) attribute length.

From the Ubuntu Security Team

Dan Rosenberg discovered that the IRDA subsystem did not correctly check certain field sizes. If a system was using IRDA, a remote attacker could send specially crafted traffic to crash the system or gain root privileges.

Priority

Cvss 3 Severity Score

9.8

Score breakdown

Status

Package	Release	Status
linux Launchpad, Ubuntu, Debian	hardy	Released (2.6.24-29.93)
	lucid	Released (2.6.32-32.62)
	maverick	Released (2.6.35-30.52)
	natty	Released (2.6.38-9.43)
	oneiric	Not vulnerable (2.6.39-0.1)
	upstream	Released (2.6.39~rc1)
	Patches: Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Fixed by d370af0ef7951188daeb15bae75db7ba57c67846
linux-ec2 Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Released (2.6.32-316.30)
	maverick	Ignored (end of life)
	natty	Does not exist
	oneiric	Does not exist
	upstream	Released (2.6.39~rc1)
	This vulnerability is mitigated in part by the use of gcc's stack protector in Ubuntu.
linux-fsl-imx51 Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Released (2.6.31-610.27)
	maverick	Does not exist
	natty	Does not exist
	oneiric	Does not exist
	upstream	Released (2.6.39~rc1)
	This vulnerability is mitigated in part by the use of gcc's stack protector in Ubuntu.
linux-lts-backport-maverick Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Released (2.6.35-30.54~lucid1)
	maverick	Does not exist
	natty	Does not exist
	oneiric	Does not exist
	upstream	Released (2.6.39~rc1)
	This vulnerability is mitigated in part by the use of gcc's stack protector in Ubuntu.
linux-lts-backport-natty Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Released (2.6.38-9.43~lucid1)
	maverick	Does not exist
	natty	Does not exist
	oneiric	Does not exist
	upstream	Released (2.6.39~rc1)
	This vulnerability is mitigated in part by the use of gcc's stack protector in Ubuntu.
linux-lts-backport-oneiric Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Not vulnerable
	maverick	Does not exist
	natty	Does not exist
	oneiric	Does not exist
	upstream	Released (2.6.39~rc1)
linux-mvl-dove Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Released (2.6.32-217.34)
	maverick	Released (2.6.32-417.34)
	natty	Does not exist
	oneiric	Does not exist
	upstream	Released (2.6.39~rc1)
	This vulnerability is mitigated in part by the use of gcc's stack protector in Ubuntu.
linux-ti-omap4 Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Does not exist
	maverick	Released (2.6.35-903.23)
	natty	Released (2.6.38-1209.13)
	oneiric	Not vulnerable (2.6.38-1309.13)
	upstream	Released (2.6.39~rc1)
	This vulnerability is mitigated in part by the use of gcc's stack protector in Ubuntu.

Severity score breakdown

Parameter	Value
Base score	9.8
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Bugs

https://launchpad.net/bugs/816547

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›