CVE-2011-1173

Current Description

The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.39 on the x86_64 platform allows remote attackers to obtain potentially sensitive information from kernel stack memory by reading uninitialized data in the ah field of an Acorn Universal Networking (AUN) packet.

Basic Data

PublishedJune 22, 2011
Last ModifiedJuly 29, 2020
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-200
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactNONE
CVSS 2 - Base Score5.0
SeverityMEDIUM
Exploitability Score10.0
Impact Score2.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSLinuxLinux Kernel********2.6.39

Vulnerable Software List

VendorProductVersions
Linux Linux Kernel *

References

NameSourceURLTags
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=67c5c6cb8129c595f21e88254a3fc6b3b841ae8ehttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=67c5c6cb8129c595f21e8825CONFIRMPatch Vendor Advisory
[netdev] 20110317 [PATCH] econet: 4 byte infoleak to the networkhttp://marc.info/?l=linux-netdev&m=130036203528021&w=2MLISTPatch Third Party Advisory
8279http://securityreason.com/securityalert/8279SREASONThird Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39CONFIRMRelease Notes Vendor Advisory
[oss-security] 20110318 CVE request: kernel: netfilter & econet infoleakshttp://www.openwall.com/lists/oss-security/2011/03/18/15MLISTMailing List Patch Third Party Advisory
[oss-security] 20110321 Re: CVE request: kernel: netfilter & econet infoleakshttp://www.openwall.com/lists/oss-security/2011/03/21/1MLISTMailing List Patch Third Party Advisory
[oss-security] 20110321 Re: CVE request: kernel: netfilter & econet infoleakshttp://www.openwall.com/lists/oss-security/2011/03/21/4MLISTMailing List Patch Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=591815#c14https://bugzilla.redhat.com/show_bug.cgi?id=591815#c14MISCIssue Tracking Third Party Advisory