Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 385941 (CVE-2011-2517) - Kernel: linux >= 2.6.39.1 errors in net/wireless/nl80211.c (CVE-2011-2517)
Summary: Kernel: linux >= 2.6.39.1 errors in net/wireless/nl80211.c (CVE-2011-2517)
Status: RESOLVED FIXED
Alias: CVE-2011-2517
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Kernel Security
URL: http://secunia.com/advisories/44754/
Whiteboard: [linux >= 2.6.39.1]
Keywords:
Depends on:
Blocks:
 
Reported: 2011-10-06 20:30 UTC by Michael Harrison
Modified: 2018-04-04 17:38 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Harrison 2011-10-06 20:30:54 UTC
Some errors in net/wireless/nl80211.c when processing SSID strings can be exploited to cause a buffer overflow via an overly long string.
Comment 1 Michael Harrison 2012-01-31 11:52:37 UTC
I believe this is related to the same advisory:

An integer underflow error within the "l2cap_config_req()" function in net/bluetooth/l2cap_core.c when handling a l2cap configuration request can be exploited to cause a buffer overflow.

Successful exploitation of the net/wireless/nl80211.c vulnerability requires "CAP_NET_ADMIN" capabilities. It is undetermined whether the above vulnerability does as well.

Original Advisory:
http://marc.info/?l=linux-kernel&m=130891911909436&w=2

Patch for l2cap_core.c vuln:
http://marc.info/?l=linux-bluetooth&m=130891949809746&w=2
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2018-04-04 17:38:25 UTC
There are no longer any 2.x kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.