Ubuntu
linux-ec2 package

CVE-2011-0712 "linux plug&pwn"

Bug #741925 reported by giff gill on 2011-03-24

This bug report is a duplicate of: Bug #768448: CVE-2011-0712. Edit Remove

256

This bug affects 1 person

	Status	Importance	Assigned to
linux (Ubuntu)	Confirmed	Low	Unassigned
linux-ec2 (Ubuntu)	New	Undecided	Unassigned
linux-linaro (Ubuntu)	New	Undecided	Unassigned
linux-lts-backport-maverick (Ubuntu)	New	Undecided	Unassigned
linux-lts-backport-natty (Ubuntu)	New	Undecided	Unassigned
linux-mvl-dove (Ubuntu)	New	Undecided	Unassigned
linux-qcm-msm (Ubuntu)	New	Undecided	Unassigned

Bug Description

Multiple buffer overflows in the caiaq Native Instruments USB audio functionality in the Linux kernel before 2.6.38-rc4-next-20110215 might allow attackers to cause a denial of service or possibly have unspecified other impact via a long USB device name, related to (1) the snd_usb_caiaq_audio_init function in sound/usb/caiaq/audio.c and (2) the snd_usb_caiaq_midi_init function in sound/usb/caiaq/midi.c.

Tags:

CVE References

2011-0712

Revision history for this message

giff gill (giffgilll-deactivatedaccount) wrote on 2011-03-24:

To determine the severity and urgency of the bug I'd like to know if one needs a special programmable usb device for this bug or can benign usb storage and similar devices be modified as well to trigger the bug?

visibility:

private → public

giff gill (giffgilll-deactivatedaccount) on 2011-03-24

tags:

added: maverick

Marc Deslauriers (mdeslaur) on 2011-03-25

Changed in linux (Ubuntu):
status:	New → Confirmed
importance:	Undecided → Medium
importance:	Medium → Low

Report a bug

This report contains Public Security information

Everyone can see this security related information.

Duplicate of bug #768448 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux-ec2 package