Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 2.1
CVE Id: CVE-2011-3345
Last Modified: 22 Sep 2011 12:00:00
Published: 19 Sep 2011 08:02:57
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2011-3345

Summary

ulp/sdp/sdp_proc.c in the ib_sdp module (aka ib_sdp.ko) in the ofa_kernel package in the InfiniBand driver implementation in OpenFabrics Enterprise Distribution (OFED) before 1.5.3 does not properly handle certain non-array variables, which allows local users to cause a denial of service (stack memory corruption and system crash) by reading the /proc/net/sdpstats file.

Vulnerable Systems

Application

  • Openfabrics Enterprise Distribution 1.1

  • Openfabrics Enterprise Distribution 1.2.5

  • Openfabrics Enterprise Distribution 1.3

  • Openfabrics Enterprise Distribution 1.3.1

  • Openfabrics Enterprise Distribution 1.3.2

  • Openfabrics Enterprise Distribution 1.4

  • Openfabrics Enterprise Distribution 1.4.1

  • Openfabrics Enterprise Distribution 1.4.2

  • Openfabrics Enterprise Distribution 1.5

  • Openfabrics Enterprise Distribution 1.5.1

  • Openfabrics Enterprise Distribution 1.5.2


References

MLIST - [oss-security] 20110907 Re: CVE Request: OFED 1.5.2 /proc/net/sdpstats reading local denial of service/crash

MLIST - [oss-security] 20110906 CVE Request: OFED 1.5.2 /proc/net/sdpstats reading local denial of service/crash

CONFIRM - http://git.openfabrics.org/git?p=ofed_1_5/linux-2.6.git;a=commit;h=04bb801a31825d1559c4670253e1bea1291a1af8

XF - ofed-sdpstats-dos(69631)

BID - 49486

SECUNIA - 45861


Last Updated: 27 May 2016 10:57:42