Vulnerability Details : CVE-2011-3345
ulp/sdp/sdp_proc.c in the ib_sdp module (aka ib_sdp.ko) in the ofa_kernel package in the InfiniBand driver implementation in OpenFabrics Enterprise Distribution (OFED) before 1.5.3 does not properly handle certain non-array variables, which allows local users to cause a denial of service (stack memory corruption and system crash) by reading the /proc/net/sdpstats file.
Vulnerability category: Memory Corruption, Denial of service
Products affected by CVE-2011-3345
- cpe:2.3:a:openfabrics:enterprise_distribution:*:*:*:*:*:*:*:*
- cpe:2.3:a:openfabrics:enterprise_distribution:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:openfabrics:enterprise_distribution:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:openfabrics:enterprise_distribution:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:openfabrics:enterprise_distribution:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:openfabrics:enterprise_distribution:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:openfabrics:enterprise_distribution:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:openfabrics:enterprise_distribution:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:openfabrics:enterprise_distribution:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:openfabrics:enterprise_distribution:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:openfabrics:enterprise_distribution:1.2.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-3345
- 0.12%: Probability of exploitation activity in the next 30 days
- ~ 28 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-3345
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P | 3.9 | 2.9 | NIST | |
CWE ids for CVE-2011-3345
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-3345
- http://git.openfabrics.org/git?p=ofed_1_5/linux-2.6.git%3Ba=commit%3Bh=04bb801a31825d1559c4670253e1bea1291a1af8
- http://www.openwall.com/lists/oss-security/2011/09/07/3
  oss-security - Re: CVE Request: OFED 1.5.2 /proc/net/sdpstats reading local denial of service/crash
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69631
  OpenFabrics Enterprise Distribution /proc/net/sdpstats denial of service CVE-2011-3345 Vulnerability Report
- http://secunia.com/advisories/45861
  Vendor Advisory
- http://www.openwall.com/lists/oss-security/2011/09/06/3
  oss-security - CVE Request: OFED 1.5.2 /proc/net/sdpstats reading local denial of service/crash (Patch)
- http://www.securityfocus.com/bid/49486
  OpenFabrics Enterprise Distribution Local Denial of Service Vulnerability
- http://www.openwall.com/lists/oss-security/2011/09/07/1
  oss-security - Re: CVE Request: OFED 1.5.2 /proc/net/sdpstats reading local denial of service/crash (Patch)