Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2011-1170

Опубликовано: 10 мар. 2011
Источник: redhat
CVSS2: 2.1

Описание

net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.

Отчет

Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. Future kernel updates in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG may address this flaw.

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=689321kernel: ipv4: netfilter: arp_tables: fix infoleak to userspace

2.1 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2011-1170

ubuntu
больше 14 лет назад

net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.

nvd логотип

CVE-2011-1170

nvd
больше 14 лет назад

net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.

debian логотип

CVE-2011-1170

debian
больше 14 лет назад

net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linu ...

github логотип

GHSA-j5jh-7f58-6pjc

github
больше 3 лет назад

net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.

oracle-oval логотип

ELSA-2011-2016

oracle-oval
больше 14 лет назад

ELSA-2011-2016: Unbreakable Enterprise kernel security fix update (IMPORTANT)

2.1 Low

CVSS2

Уязвимость CVE-2011-1170