The bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel 2.6.36 and earlier creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensitive information about kernel memory use by listing this filename.
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Link | Tags |
---|---|
http://openwall.com/lists/oss-security/2010/12/20/2 | third party advisory, mailing list |
http://www.spinics.net/lists/netdev/msg145796.html | third party advisory, mailing list |
http://www.spinics.net/lists/netdev/msg146270.html | mailing list, third party advisory, patch |
http://openwall.com/lists/oss-security/2010/12/21/1 | third party advisory, mailing list |
http://openwall.com/lists/oss-security/2010/11/04/4 | third party advisory, mailing list |
https://bugzilla.redhat.com/show_bug.cgi?id=664544 | issue tracking, third party advisory |
http://www.spinics.net/lists/netdev/msg146468.html | third party advisory, mailing list |
http://www.spinics.net/lists/netdev/msg145791.html | mailing list, exploit, third party advisory |
http://www.securityfocus.com/bid/44661 | vdb entry, third party advisory |
http://www.mandriva.com/security/advisories?name=MDVSA-2011:029 | third party advisory, vendor advisory |
http://openwall.com/lists/oss-security/2010/11/03/3 | third party advisory, mailing list |