blob: 77d38479f89b6e65f454d0e34c15209d05175a93 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
Candidate: CVE-2007-1353
References:
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.34.3
http://www.securityfocus.com/bid/23594
http://www.frsirt.com/english/advisories/2007/1495
http://secunia.com/advisories/24976
Description:
The setsockopt function in the L2CAP and HCI Bluetooth support in the Linux
kernel before 2.4.34.3 allows context-dependent attackers to read kernel
memory and obtain sensitive information via unspecified vectors involving the
copy_from_user function accessing an uninitialized stack buffer.
Ubuntu-Description:
Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak
kernel memory contents via an uninitialized stack buffer. A local
attacker could exploit this flaw to view sensitive kernel information.
Notes:
jmm> This was fixed in git on 2007-05-04, marking 2.6.22 as fixed version
Bugs:
upstream: pending (2.6.22)
linux-2.6:
2.6.18-etch-security: pending (2.6.18.dfsg.1-13etch1) [bugfix/bluetooth-l2cap-hci-info-leaks.patch]
2.6.8-sarge-security:
2.4.27-sarge-security: pending (2.4.27-10sarge6) [244_bluetooth-l2cap-hci-info-leaks.diff]
2.6.15-dapper-security: pending (2.6.15-28.56)
2.6.17-edgy-security: released (2.6.17.1-11.39) [6529b3249b30c826d8ab991d839c6cb4e952c1ed]
2.6.20-feisty-security: released (2.6.20-16.29)
|