CVE-2011-1173

high

Description

The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.39 on the x86_64 platform allows remote attackers to obtain potentially sensitive information from kernel stack memory by reading uninitialized data in the ah field of an Acorn Universal Networking (AUN) packet.

References

https://bugzilla.redhat.com/show_bug.cgi?id=591815#c14

http://www.openwall.com/lists/oss-security/2011/03/21/4

http://www.openwall.com/lists/oss-security/2011/03/21/1

http://www.openwall.com/lists/oss-security/2011/03/18/15

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39

http://securityreason.com/securityalert/8279

http://marc.info/?l=linux-netdev&m=130036203528021&w=2

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=67c5c6cb8129c595f21e88254a3fc6b3b841ae8e

Details

Source: Mitre, NVD

Published: 2011-06-22

Updated: 2023-02-13

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High