CVE-2011-2480

Sažetak

Information Disclosure vulnerability in the 802.11 stack, as used in FreeBSD before 8.2 and NetBSD when using certain non-x86 architectures. A signedness error in the IEEE80211_IOC_CHANINFO ioctl allows a local unprivileged user to cause the kernel to copy large amounts of kernel memory back to the user, disclosing potentially sensitive information.

Reference

https://access.redhat.com/security/cve/cve-2011-2480
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631160
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631161
https://security-tracker.debian.org/tracker/CVE-2011-2480
https://www.openwall.com/lists/oss-security/2011/06/20/15

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

10-12-2019 - 18:31

Objavljeno

27-11-2019 - 19:15