CVE-2011-3345

Published: Sep 19, 2011Modified: Apr 29, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

ulp/sdp/sdp_proc.c in the ib_sdp module (aka ib_sdp.ko) in the ofa_kernel package in the InfiniBand driver implementation in OpenFabrics Enterprise Distribution (OFED) before 1.5.3 does not properly handle certain non-array variables, which allows local users to cause a denial of service (stack memory corruption and system crash) by reading the /proc/net/sdpstats file.

Affected (11)

Products: Openfabrics: Enterprise Distribution

1 product

Enterprise Distribution

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Openfabrics Enterprise Distribution	Up to 1.5.2
Openfabrics Enterprise Distribution	Version 1.1
Openfabrics Enterprise Distribution	Version 1.2.5
Openfabrics Enterprise Distribution	Version 1.3.1
Openfabrics Enterprise Distribution	Version 1.3.2
Openfabrics Enterprise Distribution	Version 1.3
Openfabrics Enterprise Distribution	Version 1.4.1
Openfabrics Enterprise Distribution	Version 1.4.2
Openfabrics Enterprise Distribution	Version 1.4
Openfabrics Enterprise Distribution	Version 1.5.1
Openfabrics Enterprise Distribution	Version 1.5

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (14)

http://git.openfabrics.org/git?p=ofed_1_5/linux-2.6.git%3Ba=commit%3Bh=04bb801a31825d1559c4670253e1bea1291a1af8

Source: secalert@redhat.com

http://secunia.com/advisories/45861

Source: secalert@redhat.com

Vendor Advisory

http://www.openwall.com/lists/oss-security/2011/09/06/3

Source: secalert@redhat.com

Patch

http://www.openwall.com/lists/oss-security/2011/09/07/1

Source: secalert@redhat.com

Patch

http://www.openwall.com/lists/oss-security/2011/09/07/3

Source: secalert@redhat.com

http://www.securityfocus.com/bid/49486

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/69631

Source: secalert@redhat.com

http://git.openfabrics.org/git?p=ofed_1_5/linux-2.6.git%3Ba=commit%3Bh=04bb801a31825d1559c4670253e1bea1291a1af8

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/45861

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.openwall.com/lists/oss-security/2011/09/06/3

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.openwall.com/lists/oss-security/2011/09/07/1

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.openwall.com/lists/oss-security/2011/09/07/3

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/49486

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/69631

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.