// For flags

CVE-2007-1353

Bluetooth setsockopt() information leaks

Severity Score

2.1
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The setsockopt function in the L2CAP and HCI Bluetooth support in the Linux kernel before 2.4.34.3 allows context-dependent attackers to read kernel memory and obtain sensitive information via unspecified vectors involving the copy_from_user function accessing an uninitialized stack buffer.

La función setsockopt en el soporte Bluetooth L2CAP y HCI en el núcleo de Linux anterior a 2.4.34.3 permite a atacantes remotos dependientes de contexto leer la memoria del núcleo y obtener información sensible mediante vectores no especificados que implican la función copy_from_user accediendo a un búfer de pila no inicializado.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-03-08 CVE Reserved
  • 2007-04-24 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-09-16 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (33)
URL Tag Source
http://secunia.com/advisories/25596 Third Party Advisory
http://secunia.com/advisories/25683 Third Party Advisory
http://secunia.com/advisories/25700 Third Party Advisory
http://secunia.com/advisories/25838 Third Party Advisory
http://secunia.com/advisories/26133 Third Party Advisory
http://secunia.com/advisories/26139 Third Party Advisory
http://secunia.com/advisories/26289 Third Party Advisory
http://secunia.com/advisories/26379 Third Party Advisory
http://secunia.com/advisories/26450 Third Party Advisory
http://secunia.com/advisories/26478 Third Party Advisory
http://secunia.com/advisories/27528 Third Party Advisory
http://secunia.com/advisories/29058 Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm X_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2007-404.htm X_refsource_confirm
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.34.3 X_refsource_confirm
http://www.securityfocus.com/bid/23594 Vdb Entry
http://www.vupen.com/english/advisories/2007/1495 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10626 Signature
URL Date SRC
URL Date SRC
URL Date SRC
http://rhn.redhat.com/errata/RHSA-2007-0488.html 2017-10-11
http://secunia.com/advisories/24976 2017-10-11
http://www.debian.org/security/2007/dsa-1356 2017-10-11
http://www.debian.org/security/2008/dsa-1503 2017-10-11
http://www.debian.org/security/2008/dsa-1504 2017-10-11
http://www.novell.com/linux/security/advisories/2007_35_kernel.html 2017-10-11
http://www.redhat.com/support/errata/RHSA-2007-0671.html 2017-10-11
http://www.redhat.com/support/errata/RHSA-2007-0672.html 2017-10-11
http://www.redhat.com/support/errata/RHSA-2007-0673.html 2017-10-11
http://www.ubuntu.com/usn/usn-470-1 2017-10-11
http://www.ubuntu.com/usn/usn-486-1 2017-10-11
http://www.ubuntu.com/usn/usn-489-1 2017-10-11
https://rhn.redhat.com/errata/RHSA-2007-0376.html 2017-10-11
https://access.redhat.com/security/cve/CVE-2007-1353 2007-08-08
https://bugzilla.redhat.com/show_bug.cgi?id=243259 2007-08-08
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 <= 2.4.34.2
Search vendor "Linux" for product "Linux Kernel" and version " <= 2.4.34.2"
-
Affected