| 1 |
dannf |
824 |
Candidate: CVE-2007-1353 |
| 2 |
jmm |
813 |
References: |
| 3 |
dannf |
824 |
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.34.3 |
| 4 |
|
|
http://www.securityfocus.com/bid/23594 |
| 5 |
|
|
http://www.frsirt.com/english/advisories/2007/1495 |
| 6 |
|
|
http://secunia.com/advisories/24976 |
| 7 |
jmm |
813 |
Description: |
| 8 |
dannf |
824 |
The setsockopt function in the L2CAP and HCI Bluetooth support in the Linux |
| 9 |
|
|
kernel before 2.4.34.3 allows context-dependent attackers to read kernel |
| 10 |
|
|
memory and obtain sensitive information via unspecified vectors involving the |
| 11 |
|
|
copy_from_user function accessing an uninitialized stack buffer. |
| 12 |
jmm |
813 |
Ubuntu-Description: |
| 13 |
keescook-guest |
853 |
Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak |
| 14 |
|
|
kernel memory contents via an uninitialized stack buffer. A local |
| 15 |
|
|
attacker could exploit this flaw to view sensitive kernel information. |
| 16 |
jmm |
867 |
Notes: |
| 17 |
|
|
jmm> This was fixed in git on 2007-05-04, marking 2.6.22 as fixed version |
| 18 |
jmm |
813 |
Bugs: |
| 19 |
jmm |
920 |
upstream: released (2.6.22) |
| 20 |
|
|
linux-2.6: released (2.6.22-1) |
| 21 |
dannf |
914 |
2.6.18-etch-security: released (2.6.18.dfsg.1-13etch1) [bugfix/bluetooth-l2cap-hci-info-leaks.patch] |
| 22 |
jmm |
1141 |
2.6.8-sarge-security: released (2.6.8-17sarge1) [bluetooth-l2cap-hci-info-leaks.dpatch] |
| 23 |
jmm |
1139 |
2.4.27-sarge-security: released (2.4.27-10sarge6) [244_bluetooth-l2cap-hci-info-leaks.diff] |
| 24 |
keescook-guest |
900 |
2.6.15-dapper-security: released (2.6.15-28.57) |
| 25 |
keescook-guest |
899 |
2.6.17-edgy-security: released (2.6.17.1-11.39) [6529b3249b30c826d8ab991d839c6cb4e952c1ed] |
| 26 |
keescook-guest |
879 |
2.6.20-feisty-security: released (2.6.20-16.29) |
Parent Directory
| 
Revision Log