Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2011-1170

Опубликовано: 10 мар. 2011
Источник: redhat
CVSS2: 2.1
EPSS Низкий

Описание

net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.

Отчет

Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. Future kernel updates in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG may address this flaw.

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=689321kernel: ipv4: netfilter: arp_tables: fix infoleak to userspace

EPSS

Процентиль: 12%
0.00041
Низкий

2.1 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2011-1170

ubuntu
почти 14 лет назад

net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.

nvd логотип

CVE-2011-1170

nvd
почти 14 лет назад

net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.

debian логотип

CVE-2011-1170

debian
почти 14 лет назад

net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linu ...

github логотип

GHSA-j5jh-7f58-6pjc

github
около 3 лет назад

net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.

oracle-oval логотип

ELSA-2011-2016

oracle-oval
около 14 лет назад

ELSA-2011-2016: Unbreakable Enterprise kernel security fix update (IMPORTANT)

EPSS

Процентиль: 12%
0.00041
Низкий

2.1 Low

CVSS2