CVE-2011-3345 - Vulnerability Details - OpenCVE

ulp/sdp/sdp_proc.c in the ib_sdp module (aka ib_sdp.ko) in the ofa_kernel package in the InfiniBand driver implementation in OpenFabrics Enterprise Distribution (OFED) before 1.5.3 does not properly handle certain non-array variables, which allows local users to cause a denial of service (stack memory corruption and system crash) by reading the /proc/net/sdpstats file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Openfabrics	Enterprise Distribution

Configuration 1 [-]

OR	cpe:2.3:a:openfabrics:enterprise_distribution::::::::
	cpe:2.3:a:openfabrics:enterprise_distribution:1.1:::::::*
	cpe:2.3:a:openfabrics:enterprise_distribution:1.2.5:::::::*
	cpe:2.3:a:openfabrics:enterprise_distribution:1.3:::::::*
	cpe:2.3:a:openfabrics:enterprise_distribution:1.3.1:::::::*
	cpe:2.3:a:openfabrics:enterprise_distribution:1.3.2:::::::*
	cpe:2.3:a:openfabrics:enterprise_distribution:1.4:::::::*
	cpe:2.3:a:openfabrics:enterprise_distribution:1.4.1:::::::*
	cpe:2.3:a:openfabrics:enterprise_distribution:1.4.2:::::::*
	cpe:2.3:a:openfabrics:enterprise_distribution:1.5:::::::*
	cpe:2.3:a:openfabrics:enterprise_distribution:1.5.1:::::::*

No data.

References

Link	Providers
http://git.openfabrics.org/git?p=ofed_1_5/linux-2.6.git%3Ba=commit%3Bh=04bb801a31825d1559c4670253e1bea1291a1af8
http://secunia.com/advisories/45861
http://www.openwall.com/lists/oss-security/2011/09/06/3
http://www.openwall.com/lists/oss-security/2011/09/07/1
http://www.openwall.com/lists/oss-security/2011/09/07/3
http://www.securityfocus.com/bid/49486
https://exchange.xforce.ibmcloud.com/vulnerabilities/69631

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2011-09-17T10:00:00

Updated: 2024-08-06T23:29:56.659Z

Reserved: 2011-08-30T00:00:00

Link: CVE-2011-3345

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2011-09-19T12:02:57.073

Modified: 2025-04-11T00:51:21.963

Link: CVE-2011-3345

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-09-06T00:00:00", "descriptions": [{"lang": "en", "value": "ulp/sdp/sdp_proc.c in the ib_sdp module (aka ib_sdp.ko) in the ofa_kernel package in the InfiniBand driver implementation in OpenFabrics Enterprise Distribution (OFED) before 1.5.3 does not properly handle certain non-array variables, which allows local users to cause a denial of service (stack memory corruption and system crash) by reading the /proc/net/sdpstats file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "45861", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/45861"}, {"name": "[oss-security] 20110907 Re: CVE Request: OFED 1.5.2 /proc/net/sdpstats reading local denial of service/crash", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/09/07/1"}, {"name": "[oss-security] 20110907 Re: CVE Request: OFED 1.5.2 /proc/net/sdpstats reading local denial of service/crash", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/09/07/3"}, {"name": "49486", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/49486"}, {"name": "ofed-sdpstats-dos(69631)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69631"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.openfabrics.org/git?p=ofed_1_5/linux-2.6.git%3Ba=commit%3Bh=04bb801a31825d1559c4670253e1bea1291a1af8"}, {"name": "[oss-security] 20110906 CVE Request: OFED 1.5.2 /proc/net/sdpstats reading local denial of service/crash", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/09/06/3"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:29:56.659Z"}, "title": "CVE Program Container", "references": [{"name": "45861", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/45861"}, {"name": "[oss-security] 20110907 Re: CVE Request: OFED 1.5.2 /proc/net/sdpstats reading local denial of service/crash", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2011/09/07/1"}, {"name": "[oss-security] 20110907 Re: CVE Request: OFED 1.5.2 /proc/net/sdpstats reading local denial of service/crash", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2011/09/07/3"}, {"name": "49486", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/49486"}, {"name": "ofed-sdpstats-dos(69631)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69631"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.openfabrics.org/git?p=ofed_1_5/linux-2.6.git%3Ba=commit%3Bh=04bb801a31825d1559c4670253e1bea1291a1af8"}, {"name": "[oss-security] 20110906 CVE Request: OFED 1.5.2 /proc/net/sdpstats reading local denial of service/crash", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2011/09/06/3"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-3345", "datePublished": "2011-09-17T10:00:00", "dateReserved": "2011-08-30T00:00:00", "dateUpdated": "2024-08-06T23:29:56.659Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openfabrics:enterprise_distribution:*:*:*:*:*:*:*:*", "matchCriteriaId": "17082629-9D81-4504-B784-3F906DF6E76C", "versionEndIncluding": "1.5.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:openfabrics:enterprise_distribution:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "1C17D3E1-4767-4C8F-A121-26CE2BFEA484", "vulnerable": true}, {"criteria": "cpe:2.3:a:openfabrics:enterprise_distribution:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "2824AE7C-874F-4E41-AEBD-A01F62237F99", "vulnerable": true}, {"criteria": "cpe:2.3:a:openfabrics:enterprise_distribution:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "26BFF477-8ADC-4FE2-BC86-E81EF47C3781", "vulnerable": true}, {"criteria": "cpe:2.3:a:openfabrics:enterprise_distribution:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "B23F8A97-A2BB-4555-8A46-FA95500D22D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:openfabrics:enterprise_distribution:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "DC4DB82C-5471-42AF-A533-F0CD9B9FB3C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:openfabrics:enterprise_distribution:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "08888AB5-D34D-490A-8BA6-B5E684321BF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:openfabrics:enterprise_distribution:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "A5443B73-8A3E-4647-9D6C-023DF7DD0D8D", "vulnerable": true}, {"criteria": "cpe:2.3:a:openfabrics:enterprise_distribution:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "9BECCA82-4801-4AA2-B251-FA3611CA2437", "vulnerable": true}, {"criteria": "cpe:2.3:a:openfabrics:enterprise_distribution:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "A9AC0CF1-C229-4850-9D3B-043ACA898FAF", "vulnerable": true}, {"criteria": "cpe:2.3:a:openfabrics:enterprise_distribution:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "8081EB3B-0DD0-475D-9883-8166DA45161B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ulp/sdp/sdp_proc.c in the ib_sdp module (aka ib_sdp.ko) in the ofa_kernel package in the InfiniBand driver implementation in OpenFabrics Enterprise Distribution (OFED) before 1.5.3 does not properly handle certain non-array variables, which allows local users to cause a denial of service (stack memory corruption and system crash) by reading the /proc/net/sdpstats file."}, {"lang": "es", "value": "ulp/sdp/sdp_proc.c en el m\u00f3dulo de ib_sdp (tambi\u00e9n conocido como ib_sdp.ko) en el paquete de ofa_kernel en la implementaci\u00f3n del controlador InfiniBand en OpenFabrics Enterprise Distribution (OFED) antes de la v1.5.3 no maneja adecuadamente ciertas variables de no-array, que permite a los usuarios locales causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria de la pila y la ca\u00edda del sistema) mediante la lectura del archivo /proc/net/sdpstats."}], "id": "CVE-2011-3345", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-09-19T12:02:57.073", "references": [{"source": "secalert@redhat.com", "url": "http://git.openfabrics.org/git?p=ofed_1_5/linux-2.6.git%3Ba=commit%3Bh=04bb801a31825d1559c4670253e1bea1291a1af8"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/45861"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2011/09/06/3"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2011/09/07/1"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/09/07/3"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/49486"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69631"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.openfabrics.org/git?p=ofed_1_5/linux-2.6.git%3Ba=commit%3Bh=04bb801a31825d1559c4670253e1bea1291a1af8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/45861"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2011/09/06/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2011/09/07/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/09/07/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/49486"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69631"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}