CVE-2005-3180

Linux kernel <2.6.13 - Info Disclosure

Title source: llm

Description

The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does not properly clear memory from a previously used packet whose length is increased, which allows remote attackers to obtain sensitive information.

References (30)

[Mailing List] http://marc.info/?l=bugtraq&m=112914754708402&w=2

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2005-808.html

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11332

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2006-0140.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2006-0190.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2006-0191.html

[Vendor Advisory] https://usn.ubuntu.com/219-1/

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDKSA-2005:218

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDKSA-2005:219

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDKSA-2005:220

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDKSA-2005:235

[Vendor Advisory] http://www.kernel.org/hg/linux-2.6/?cmd=changeset%3Bnode=feecb2ffde28639e60ede769c6f817dc536c677b

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/advisories/9549

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/advisories/9806

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/419522/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/427980/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/428028/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/428058/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/15085

[Third Party Advisory] http://www.debian.org/security/2006/dsa-1017

... and 10 more

Scores

EPSS 0.0136

EPSS Percentile 79.9%

Classification

Status draft

Affected Products (1)

linux/linux_kernel < 2.6.13

Timeline

Published Oct 12, 2005

Tracked Since Feb 18, 2026