CVE-2011-1173

Sažetak

The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.39 on the x86_64 platform allows remote attackers to obtain potentially sensitive information from kernel stack memory by reading uninitialized data in the ah field of an Acorn Universal Networking (AUN) packet.

Reference

http://marc.info/?l=linux-netdev&m=130036203528021&w=2
http://www.openwall.com/lists/oss-security/2011/03/18/15
http://www.openwall.com/lists/oss-security/2011/03/21/4
http://www.openwall.com/lists/oss-security/2011/03/21/1
https://bugzilla.redhat.com/show_bug.cgi?id=591815#c14
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39
http://securityreason.com/securityalert/8279
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=67c5c6cb8129c595f21e88254a3fc6b3b841ae8e

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

13-02-2023 - 01:19

Objavljeno

22-06-2011 - 22:55