// For flags

CVE-2007-1353

Bluetooth setsockopt() information leaks

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The setsockopt function in the L2CAP and HCI Bluetooth support in the Linux kernel before 2.4.34.3 allows context-dependent attackers to read kernel memory and obtain sensitive information via unspecified vectors involving the copy_from_user function accessing an uninitialized stack buffer.

La función setsockopt en el soporte Bluetooth L2CAP y HCI en el núcleo de Linux anterior a 2.4.34.3 permite a atacantes remotos dependientes de contexto leer la memoria del núcleo y obtener información sensible mediante vectores no especificados que implican la función copy_from_user accediendo a un búfer de pila no inicializado.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-03-08 CVE Reserved
  • 2007-04-24 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-12-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (33)
URL Tag Source
http://secunia.com/advisories/25596 Third Party Advisory
http://secunia.com/advisories/25683 Third Party Advisory
http://secunia.com/advisories/25700 Third Party Advisory
http://secunia.com/advisories/25838 Third Party Advisory
http://secunia.com/advisories/26133 Third Party Advisory
http://secunia.com/advisories/26139 Third Party Advisory
http://secunia.com/advisories/26289 Third Party Advisory
http://secunia.com/advisories/26379 Third Party Advisory
http://secunia.com/advisories/26450 Third Party Advisory
http://secunia.com/advisories/26478 Third Party Advisory
http://secunia.com/advisories/27528 Third Party Advisory
http://secunia.com/advisories/29058 Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm X_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2007-404.htm X_refsource_confirm
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.34.3 X_refsource_confirm
http://www.securityfocus.com/bid/23594 Vdb Entry
http://www.vupen.com/english/advisories/2007/1495 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10626 Signature
URL Date SRC
URL Date SRC
URL Date SRC
http://rhn.redhat.com/errata/RHSA-2007-0488.html 2017-10-11
http://secunia.com/advisories/24976 2017-10-11
http://www.debian.org/security/2007/dsa-1356 2017-10-11
http://www.debian.org/security/2008/dsa-1503 2017-10-11
http://www.debian.org/security/2008/dsa-1504 2017-10-11
http://www.novell.com/linux/security/advisories/2007_35_kernel.html 2017-10-11
http://www.redhat.com/support/errata/RHSA-2007-0671.html 2017-10-11
http://www.redhat.com/support/errata/RHSA-2007-0672.html 2017-10-11
http://www.redhat.com/support/errata/RHSA-2007-0673.html 2017-10-11
http://www.ubuntu.com/usn/usn-470-1 2017-10-11
http://www.ubuntu.com/usn/usn-486-1 2017-10-11
http://www.ubuntu.com/usn/usn-489-1 2017-10-11
https://rhn.redhat.com/errata/RHSA-2007-0376.html 2017-10-11
https://access.redhat.com/security/cve/CVE-2007-1353 2007-08-08
https://bugzilla.redhat.com/show_bug.cgi?id=243259 2007-08-08
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 <= 2.4.34.2
Search vendor "Linux" for product "Linux Kernel" and version " <= 2.4.34.2"
-
Affected