Vulnerability CVE-2011-1173


Published: 2011-06-22   Modified: 2012-02-13

Description:
The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.39 on the x86_64 platform allows remote attackers to obtain potentially sensitive information from kernel stack memory by reading uninitialized data in the ah field of an Acorn Universal Networking (AUN) packet.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
linux kernel 2.6.38.8 econet infoleak to the network
Vasiliy KulikoV
24.06.2011

Type:

CWE-200

(Information Exposure)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Linux -> Kernel 
Linux -> Linux kernel 

 References:
http://www.openwall.com/lists/oss-security/2011/03/21/4
http://www.openwall.com/lists/oss-security/2011/03/21/1
http://www.openwall.com/lists/oss-security/2011/03/18/15
http://marc.info/?l=linux-netdev&m=130036203528021&w=2
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=67c5c6cb8129c595f21e88254a3fc6b3b841ae8e
https://bugzilla.redhat.com/show_bug.cgi?id=591815#c14
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39
http://securityreason.com/securityalert/8279

Copyright 2024, cxsecurity.com

 

Back to Top