Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2011-2492 (GCVE-0-2011-2492)
Vulnerability from cvelistv5 – Published: 2011-07-28 22:00 – Updated: 2024-08-06 23:00
VLAI?
EPSS
Summary
The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:00:34.100Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2011:0927",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-0927.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8d03e971cf403305217b8e62db3a2e5ad2d6263f"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=703019"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.0-rc4"
},
{
"name": "[oss-security] 20110624 Re: CVE request: kernel: bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/24/3"
},
{
"name": "1025778",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025778"
},
{
"name": "[oss-security] 20110624 CVE request: kernel: bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/24/2"
},
{
"name": "[linux-bluetooth] 20110508 Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://permalink.gmane.org/gmane.linux.bluez.kernel/12909"
},
{
"name": "HPSBGN02970",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=139447903326211\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-08-19T15:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2011:0927",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-0927.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8d03e971cf403305217b8e62db3a2e5ad2d6263f"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=703019"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.0-rc4"
},
{
"name": "[oss-security] 20110624 Re: CVE request: kernel: bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/24/3"
},
{
"name": "1025778",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025778"
},
{
"name": "[oss-security] 20110624 CVE request: kernel: bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/24/2"
},
{
"name": "[linux-bluetooth] 20110508 Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://permalink.gmane.org/gmane.linux.bluez.kernel/12909"
},
{
"name": "HPSBGN02970",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=139447903326211\u0026w=2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2492",
"datePublished": "2011-07-28T22:00:00.000Z",
"dateReserved": "2011-06-15T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:00:34.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-HP8M-J8QG-PRR2
Vulnerability from github – Published: 2022-05-13 01:24 – Updated: 2022-05-13 01:24
VLAI?
Details
The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c.
{
"affected": [],
"aliases": [
"CVE-2011-2492"
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-07-28T22:55:00Z",
"severity": "LOW"
},
"details": "The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c.",
"id": "GHSA-hp8m-j8qg-prr2",
"modified": "2022-05-13T01:24:48Z",
"published": "2022-05-13T01:24:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2492"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=703019"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8d03e971cf403305217b8e62db3a2e5ad2d6263f"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8d03e971cf403305217b8e62db3a2e5ad2d6263f"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=139447903326211\u0026w=2"
},
{
"type": "WEB",
"url": "http://permalink.gmane.org/gmane.linux.bluez.kernel/12909"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2011-0927.html"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1025778"
},
{
"type": "WEB",
"url": "http://www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.0-rc4"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2011/06/24/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2011/06/24/3"
}
],
"schema_version": "1.4.0",
"severity": []
}
CERTA-2012-AVI-518
Vulnerability from certfr_avis - Published: 2012-09-24 - Updated: 2012-09-24
De multiples vulnérabilités ont été corrigées dans les produits Avaya. Les correctifs sont liés à la mise à jour de leurs systèmes Redhat.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| AVAYA | N/A | Avaya Aura Presence Services versions 6.x | ||
| AVAYA | N/A | Avaya Aura Communication Manager versions 6.x | ||
| AVAYA | N/A | Avaya Proactive Contact versions 5.x | ||
| AVAYA | N/A | Avaya IP Office Application Server versions 7.x | ||
| AVAYA | N/A | Avaya IP Office Application Server versions 6.x | ||
| AVAYA | N/A | Avaya Aura Communication Manager versions 5.x | ||
| AVAYA | N/A | Avaya Voice Portal version 5.1 | ||
| AVAYA | N/A | Avaya IQ versions 5.x | ||
| AVAYA | N/A | Avaya Aura System Platform versions 1.x | ||
| AVAYA | N/A | Avaya Voice Portal version 5.0 | ||
| AVAYA | N/A | Avaya Aura Messaging versions 6.x | ||
| AVAYA | N/A | Avaya Aura System Platform versions 6.0.x | ||
| AVAYA | N/A | Avaya Aura System Manager versions 6.x | ||
| AVAYA | N/A | Avaya Voice Portal version 5.1.1 | ||
| AVAYA | N/A | Avaya Voice Portal version 5.1.2 | ||
| AVAYA | N/A | Avaya Aura SIP Enablement Services versions 5.x | ||
| AVAYA | N/A | Avaya Aurora Session Manager version 6.2 | ||
| AVAYA | N/A | Avaya IP Office Application Server versions 8.x | ||
| AVAYA | N/A | Avaya Aurora Session Manager versions 5.x | ||
| AVAYA | N/A | Avaya Aura System Manager versions 5.x | ||
| AVAYA | N/A | Avaya Aura Application Enablement Services versions 5.x | ||
| AVAYA | N/A | Avaya Aura Experience Portal versions 6.x | ||
| AVAYA | N/A | Avaya Meeting Exchange versions 5.x | ||
| AVAYA | N/A | Avaya Messaging Storage Server 5.2.x | ||
| AVAYA | N/A | Avaya Aura Conferencing Standard Edition versions 6.x | ||
| AVAYA | N/A | Avaya Aura Communication Manager versions 4.x | ||
| AVAYA | N/A | Avaya Aura Application Server 5300 | ||
| AVAYA | N/A | Avaya Aurora Session Manager versions 1.x | ||
| AVAYA | N/A | Avaya Aurora Session Manager version 6.2.1 | ||
| AVAYA | N/A | Avaya Communication Server 1000 versions 7.x | ||
| AVAYA | N/A | Avaya Aura Application Enablement Services versions 6.x | ||
| AVAYA | N/A | Avaya Aurora Session Manager versions 6.0.x | ||
| AVAYA | N/A | Avaya Communication Server 1000 versions 6.x | ||
| AVAYA | N/A | Avaya Aura System Platform version 6.2 | ||
| AVAYA | N/A | Avaya Aura Communication Manager Utility Services versions 6.x | ||
| AVAYA | N/A | Avaya Aurora Session Manager versions 6.1.x |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Avaya Aura Presence Services versions 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Communication Manager versions 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Proactive Contact versions 5.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya IP Office Application Server versions 7.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya IP Office Application Server versions 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Communication Manager versions 5.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Voice Portal version 5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya IQ versions 5.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura System Platform versions 1.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Voice Portal version 5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Messaging versions 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura System Platform versions 6.0.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura System Manager versions 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Voice Portal version 5.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Voice Portal version 5.1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura SIP Enablement Services versions 5.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aurora Session Manager version 6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya IP Office Application Server versions 8.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aurora Session Manager versions 5.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura System Manager versions 5.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Application Enablement Services versions 5.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Experience Portal versions 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Meeting Exchange versions 5.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Messaging Storage Server 5.2.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Conferencing Standard Edition versions 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Communication Manager versions 4.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Application Server 5300",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aurora Session Manager versions 1.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aurora Session Manager version 6.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Communication Server 1000 versions 7.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Application Enablement Services versions 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aurora Session Manager versions 6.0.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Communication Server 1000 versions 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura System Platform version 6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aura Communication Manager Utility Services versions 6.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
},
{
"description": "Avaya Aurora Session Manager versions 6.1.x",
"product": {
"name": "N/A",
"vendor": {
"name": "AVAYA",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-2213",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2213"
},
{
"name": "CVE-2010-4649",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4649"
},
{
"name": "CVE-2011-1044",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1044"
},
{
"name": "CVE-2011-2022",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2022"
},
{
"name": "CVE-2011-1746",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1746"
},
{
"name": "CVE-2011-0695",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0695"
},
{
"name": "CVE-2011-1745",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1745"
},
{
"name": "CVE-2012-0884",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0884"
},
{
"name": "CVE-2011-1776",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1776"
},
{
"name": "CVE-2011-4028",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4028"
},
{
"name": "CVE-2011-1936",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1936"
},
{
"name": "CVE-2011-1593",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1593"
},
{
"name": "CVE-2011-1182",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1182"
},
{
"name": "CVE-2012-1165",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1165"
},
{
"name": "CVE-2012-0864",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0864"
},
{
"name": "CVE-2012-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
},
{
"name": "CVE-2011-2492",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2492"
},
{
"name": "CVE-2011-1573",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1573"
},
{
"name": "CVE-2011-0419",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0419"
},
{
"name": "CVE-2011-0711",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0711"
},
{
"name": "CVE-2011-1576",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1576"
}
],
"initial_release_date": "2012-09-24T00:00:00",
"last_revision_date": "2012-09-24T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 AVAYA du 18 septembre 2012 :",
"url": "https://downloads.avaya.com/css/P8/documents/100160780"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 AVAYA du 18 septembre 2012 :",
"url": "https://downloads.avaya.com/css/P8/documents/100160023"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 AVAYA du 19 septembre 2012 :",
"url": "https://downloads.avaya.com/css/P8/documents/100162507"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 AVAYA du 18 septembre 2012 :",
"url": "https://downloads.avaya.com/css/P8/documents/100160589"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 AVAYA du 19 septembre 2012 :",
"url": "https://downloads.avaya.com/css/P8/documents/100147390"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 AVAYA du 18 septembre 2012 :",
"url": "https://downloads.avaya.com/css/P8/documents/100141102"
}
],
"reference": "CERTA-2012-AVI-518",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-09-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eAvaya\u003c/span\u003e. Les correctifs sont li\u00e9s \u00e0 la mise \u00e0 jour\nde leurs syst\u00e8mes \u003cspan class=\"textit\"\u003eRedhat\u003c/span\u003e.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Avaya",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletins de s\u00e9curit\u00e9 Avaya",
"url": null
}
]
}
CERTA-2012-AVI-046
Vulnerability from certfr_avis - Published: 2012-02-01 - Updated: 2012-02-01
Un grand nombre de vulnérabilités, dont certaines permettent d'exécuter du code arbitraire à distance, sont présentes dans VMware ESX et VMware ESXi.
Description
Un grand nombre de vulnérabilités existe dans VMWare ESX et VMware ESXi dont certaines, particulièrement critiques, peuvent conduire à une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware ESXi 4.1 ;",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESX 4.1.",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUn grand nombre de vuln\u00e9rabilit\u00e9s existe dans VMWare ESX et VMware ESXi\ndont certaines, particuli\u00e8rement critiques, peuvent conduire \u00e0 une\nex\u00e9cution de code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-1170",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1170"
},
{
"name": "CVE-2010-1634",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1634"
},
{
"name": "CVE-2010-2059",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2059"
},
{
"name": "CVE-2011-2901",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2901"
},
{
"name": "CVE-2011-2694",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2694"
},
{
"name": "CVE-2011-2213",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2213"
},
{
"name": "CVE-2010-4649",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4649"
},
{
"name": "CVE-2009-3560",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3560"
},
{
"name": "CVE-2011-1494",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1494"
},
{
"name": "CVE-2011-1044",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1044"
},
{
"name": "CVE-2011-3378",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3378"
},
{
"name": "CVE-2011-2022",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2022"
},
{
"name": "CVE-2011-1080",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1080"
},
{
"name": "CVE-2011-1746",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1746"
},
{
"name": "CVE-2011-0695",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0695"
},
{
"name": "CVE-2011-2522",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2522"
},
{
"name": "CVE-2011-1745",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1745"
},
{
"name": "CVE-2011-1780",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1780"
},
{
"name": "CVE-2011-1078",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1078"
},
{
"name": "CVE-2010-3493",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3493"
},
{
"name": "CVE-2011-1776",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1776"
},
{
"name": "CVE-2011-1171",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1171"
},
{
"name": "CVE-2011-1936",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1936"
},
{
"name": "CVE-2011-1678",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1678"
},
{
"name": "CVE-2011-1593",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1593"
},
{
"name": "CVE-2011-1182",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1182"
},
{
"name": "CVE-2011-1093",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1093"
},
{
"name": "CVE-2011-2517",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2517"
},
{
"name": "CVE-2011-1521",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1521"
},
{
"name": "CVE-2011-1763",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1763"
},
{
"name": "CVE-2011-2192",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2192"
},
{
"name": "CVE-2011-0726",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0726"
},
{
"name": "CVE-2011-1015",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1015"
},
{
"name": "CVE-2011-2492",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2492"
},
{
"name": "CVE-2011-1079",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1079"
},
{
"name": "CVE-2011-2525",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2525"
},
{
"name": "CVE-2011-2482",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2482"
},
{
"name": "CVE-2011-1573",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1573"
},
{
"name": "CVE-2011-1166",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1166"
},
{
"name": "CVE-2011-2689",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2689"
},
{
"name": "CVE-2010-0787",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0787"
},
{
"name": "CVE-2011-1172",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1172"
},
{
"name": "CVE-2011-1163",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1163"
},
{
"name": "CVE-2010-2089",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2089"
},
{
"name": "CVE-2010-0547",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0547"
},
{
"name": "CVE-2009-3720",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3720"
},
{
"name": "CVE-2011-1577",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1577"
},
{
"name": "CVE-2011-2519",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2519"
},
{
"name": "CVE-2011-1495",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1495"
},
{
"name": "CVE-2011-0711",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0711"
},
{
"name": "CVE-2011-2491",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2491"
},
{
"name": "CVE-2011-1576",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1576"
},
{
"name": "CVE-2011-2495",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2495"
}
],
"initial_release_date": "2012-02-01T00:00:00",
"last_revision_date": "2012-02-01T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2012-0001 du 30 janvier 2012 :",
"url": "http://www.vmware.com/security/advisories/VMSA-2012-0001.html"
}
],
"reference": "CERTA-2012-AVI-046",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-02-01T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Un grand nombre de vuln\u00e9rabilit\u00e9s, dont certaines permettent d\u0027ex\u00e9cuter\ndu code arbitraire \u00e0 distance, sont pr\u00e9sentes dans VMware ESX et VMware\nESXi.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans VMware ESX et ESXi",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2012-0001 du 30 janvier 2012",
"url": null
}
]
}
CERTA-2011-AVI-393
Vulnerability from certfr_avis - Published: 2011-07-18 - Updated: 2011-07-18
Plusieurs vulnérabilités affectant le noyau Linux Red Hat ont été corrigées par la mise à jour RHSA-2011:0927.
Description
Un total de 15 vulnérabilités ont été corrigées par la mise à jour Red Hat Linux RHSA-2011:0927 du 15 juillet 2011.
Parmi celles-ci, six sont marquées comme importantes et concernent des vulnérabilités de type déni de service et/ou élévation de privilèges. Quatre sont classifiées comme ayant un impact modéré. Elles ont pour conséquence un déni de service. Les cinq dernières sont considérées comme ayant un impact faible et correspondent à des fuites d'informations ou des dénis de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux EUS (v. 5.6.z server) ; | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux (v. 5 server) ; | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux Long Life (v. 5.6 server). | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux Desktop (v. 5 client) ; |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Red Hat Enterprise Linux EUS (v. 5.6.z server) ;",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux (v. 5 server) ;",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Long Life (v. 5.6 server).",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Desktop (v. 5 client) ;",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUn total de 15 vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es par la mise \u00e0 jour Red\nHat Linux RHSA-2011:0927 du 15 juillet 2011.\n\nParmi celles-ci, six sont marqu\u00e9es comme importantes et concernent des\nvuln\u00e9rabilit\u00e9s de type d\u00e9ni de service et/ou \u00e9l\u00e9vation de privil\u00e8ges.\nQuatre sont classifi\u00e9es comme ayant un impact mod\u00e9r\u00e9. Elles ont pour\ncons\u00e9quence un d\u00e9ni de service. Les cinq derni\u00e8res sont consid\u00e9r\u00e9es\ncomme ayant un impact faible et correspondent \u00e0 des fuites\nd\u0027informations ou des d\u00e9nis de service.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-2213",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2213"
},
{
"name": "CVE-2011-1044",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1044"
},
{
"name": "CVE-2011-2022",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2022"
},
{
"name": "CVE-2011-4649",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4649"
},
{
"name": "CVE-2011-1746",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1746"
},
{
"name": "CVE-2011-0695",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0695"
},
{
"name": "CVE-2011-1745",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1745"
},
{
"name": "CVE-2011-1776",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1776"
},
{
"name": "CVE-2011-1936",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1936"
},
{
"name": "CVE-2011-1593",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1593"
},
{
"name": "CVE-2011-1182",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1182"
},
{
"name": "CVE-2011-2492",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2492"
},
{
"name": "CVE-2011-1573",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1573"
},
{
"name": "CVE-2011-0711",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0711"
},
{
"name": "CVE-2011-1576",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1576"
}
],
"initial_release_date": "2011-07-18T00:00:00",
"last_revision_date": "2011-07-18T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2011:0927 du 15 juillet 2011 :",
"url": "http://rhn.redhat.com/errata/RHSA-2011-0927.html"
}
],
"reference": "CERTA-2011-AVI-393",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-07-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectant le noyau Linux Red Hat ont \u00e9t\u00e9\ncorrig\u00e9es par la mise \u00e0 jour RHSA-2011:0927.\n",
"title": "Mise \u00e0 jour du noyau Red Hat",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2011:0927-1 du 15 juillet 2011",
"url": null
}
]
}
GSD-2011-2492
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2011-2492",
"description": "The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c.",
"id": "GSD-2011-2492",
"references": [
"https://www.suse.com/security/cve/CVE-2011-2492.html",
"https://www.debian.org/security/2011/dsa-2310",
"https://www.debian.org/security/2011/dsa-2303",
"https://access.redhat.com/errata/RHSA-2011:1253",
"https://access.redhat.com/errata/RHSA-2011:1189",
"https://access.redhat.com/errata/RHSA-2011:0927",
"https://linux.oracle.com/cve/CVE-2011-2492.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2011-2492"
],
"details": "The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c.",
"id": "GSD-2011-2492",
"modified": "2023-12-13T01:19:06.654440Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://rhn.redhat.com/errata/RHSA-2011-0927.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2011-0927.html"
},
{
"name": "http://marc.info/?l=bugtraq\u0026m=139447903326211\u0026w=2",
"refsource": "MISC",
"url": "http://marc.info/?l=bugtraq\u0026m=139447903326211\u0026w=2"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8d03e971cf403305217b8e62db3a2e5ad2d6263f",
"refsource": "MISC",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8d03e971cf403305217b8e62db3a2e5ad2d6263f"
},
{
"name": "http://permalink.gmane.org/gmane.linux.bluez.kernel/12909",
"refsource": "MISC",
"url": "http://permalink.gmane.org/gmane.linux.bluez.kernel/12909"
},
{
"name": "http://securitytracker.com/id?1025778",
"refsource": "MISC",
"url": "http://securitytracker.com/id?1025778"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.0-rc4",
"refsource": "MISC",
"url": "http://www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.0-rc4"
},
{
"name": "http://www.openwall.com/lists/oss-security/2011/06/24/2",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2011/06/24/2"
},
{
"name": "http://www.openwall.com/lists/oss-security/2011/06/24/3",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2011/06/24/3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=703019",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=703019"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:5.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_aus:5.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2492"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110624 CVE request: kernel: bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/24/2"
},
{
"name": "[linux-bluetooth] 20110508 Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.",
"refsource": "MLIST",
"tags": [
"Broken Link"
],
"url": "http://permalink.gmane.org/gmane.linux.bluez.kernel/12909"
},
{
"name": "1025778",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1025778"
},
{
"name": "[oss-security] 20110624 Re: CVE request: kernel: bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/24/3"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.0-rc4",
"refsource": "CONFIRM",
"tags": [
"Broken Link"
],
"url": "http://www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.0-rc4"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=703019",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=703019"
},
{
"name": "RHSA-2011:0927",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-0927.html"
},
{
"name": "HPSBGN02970",
"refsource": "HP",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=139447903326211\u0026w=2"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8d03e971cf403305217b8e62db3a2e5ad2d6263f",
"refsource": "MISC",
"tags": [],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8d03e971cf403305217b8e62db3a2e5ad2d6263f"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2023-02-13T01:19Z",
"publishedDate": "2011-07-28T22:55Z"
}
}
}
FKIE_CVE-2011-2492
Vulnerability from fkie_nvd - Published: 2011-07-28 22:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | 3.0 | |
| linux | linux_kernel | 3.0 | |
| linux | linux_kernel | 3.0 | |
| linux | linux_kernel | 3.0 | |
| redhat | enterprise_linux_aus | 5.6 | |
| redhat | enterprise_linux_desktop | 5.0 | |
| redhat | enterprise_linux_eus | 5.6 | |
| redhat | enterprise_linux_server | 5.0 | |
| redhat | enterprise_linux_workstation | 5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0135A6D-9FB7-4E1B-B471-914E37494942",
"versionEndExcluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2E4912EC-CC92-41CA-A2DA-027291975A84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D30AEC07-3CBD-4F4F-9646-BEAA1D98750B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C2AA8E68-691B-499C-AEDD-3C0BFFE70044",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9440475B-5960-4066-A204-F30AAFC87846",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_aus:5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D9A0B9-D6B1-42C3-9571-72B7B2D72776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "903512FC-0017-4564-9B89-7E64FFB14B11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c."
},
{
"lang": "es",
"value": "El subsistema de bluetooth en el kernel de Linux anteriores a v3.0-rc4 no inicializa correctamente algunas estructuras de datos, lo que permite a usuarios locales obtener informaci\u00f3n sensible de la memoria del kernel a trav\u00e9s de una llamada getsockopt manipulada, en relaci\u00f3n con (1) la funci\u00f3n l2cap_sock_getsockopt_old en net/bluetooth/l2cap_sock.c y (2) la funci\u00f3n rfcomm_sock_getsockopt_old en net/bluetooth/rfcomm/sock.c."
}
],
"id": "CVE-2011-2492",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-07-28T22:55:01.593",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8d03e971cf403305217b8e62db3a2e5ad2d6263f"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=139447903326211\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://permalink.gmane.org/gmane.linux.bluez.kernel/12909"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-0927.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1025778"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.0-rc4"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/24/2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/24/3"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=703019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8d03e971cf403305217b8e62db3a2e5ad2d6263f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=139447903326211\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://permalink.gmane.org/gmane.linux.bluez.kernel/12909"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-0927.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1025778"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.0-rc4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/24/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/24/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=703019"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2011-2492
Vulnerability from fstec - Published: 28.07.2011
VLAI Severity ?
Title
Уязвимость операционной системы Linux, позволяющая злоумышленнику получить доступ к конфиденциальной информации из памяти ядра
Description
Уязвимость существует в подсистеме bluetooth в ядре Linux из-за некорректной инициализации структур данных. Эксплуатация данной уязвимости позволяет локальным пользователям получить доступ к конфиденциальной информации из памяти ядра, используя специально сформированный системный вызов getsockopt; данная уязвимость связана с функцией l2cap_sock_getsockopt_old в net/bluetooth/l2cap_sock.c и функцией rfcomm_sock_getsockopt_old в net/bluetooth/rfcomm/sock.c
Severity ?
Vendor
Сообщество свободного программного обеспечения
Software Name
Linux
Software Version
от 2.6.0 до 2.6.38 включительно (Linux), 3.0 (Linux)
Possible Mitigations
Обновление ядра операционной системы до версии 2.6.4 и выше, за исключением версии 3.0
Reference
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2492
CWE
CWE-20
{
"CVSS 2.0": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"CVSS 3.0": null,
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 2.6.0 \u0434\u043e 2.6.38 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), 3.0 (Linux)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.6.4 \u0438 \u0432\u044b\u0448\u0435, \u0437\u0430 \u0438\u0441\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435\u043c \u0432\u0435\u0440\u0441\u0438\u0438 3.0",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "28.07.2011",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "28.11.2016",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "05.07.2016",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2014-00069",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2011-2492",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Linux",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 2.6.0 \u0434\u043e 2.6.38 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e 64-bit, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 2.6.0 \u0434\u043e 2.6.38 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e 32-bit, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux 3.0 64-bit, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux 3.0 32-bit",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0438\u0437 \u043f\u0430\u043c\u044f\u0442\u0438 \u044f\u0434\u0440\u0430",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u0435 bluetooth \u0432 \u044f\u0434\u0440\u0435 Linux \u0438\u0437-\u0437\u0430 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u0438\u043d\u0438\u0446\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0434\u0430\u043d\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0438\u0437 \u043f\u0430\u043c\u044f\u0442\u0438 \u044f\u0434\u0440\u0430, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0439 \u0432\u044b\u0437\u043e\u0432 getsockopt; \u0434\u0430\u043d\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0444\u0443\u043d\u043a\u0446\u0438\u0435\u0439 l2cap_sock_getsockopt_old \u0432 net/bluetooth/l2cap_sock.c \u0438 \u0444\u0443\u043d\u043a\u0446\u0438\u0435\u0439 rfcomm_sock_getsockopt_old \u0432 net/bluetooth/rfcomm/sock.c",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2492",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 1,9)"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…