PT-2013-1388 · Linux · Linux Kernel

Dan Rosenberg

Publicado

2011-07-25

Atualizado

2024-06-15

CVE-2011-1180

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 2.6.39

Description The issue is related to multiple stack-based buffer overflows in the iriap getvaluebyclass indication function. This can be exploited by remote attackers who have connectivity to an IrDA infrared network. By sending a large integer value for either the name length or attribute length, attackers can cause a denial of service due to memory corruption, or possibly have other unspecified impacts.

Recommendations For Linux kernel versions prior to 2.6.39, update to version 2.6.39 or later to resolve the issue. As a temporary workaround, consider restricting access to IrDA infrared networks to minimize the risk of exploitation.

Correção

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

CVE-2011-1180

DSA-2240-1

DSA-2264-1

OPENSUSE-SU-2024:10128-1

USN-1141-1

USN-1159-1

USN-1160-1

USN-1162-1

USN-1167-1

USN-1187-1

USN-1189-1

USN-1202-1

USN-1204-1

USN-1212-1

USN-1256-1

Produtos afetados

Linux Kernel

PT-2013-1388 · Linux · Linux Kernel

CVE-2011-1180

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 102