PublicDateAtUSN: 2011-06-22 Candidate: CVE-2011-1170 PublicDate: 2011-06-22 22:55:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1170 https://ubuntu.com/security/notices/USN-1167-1 https://ubuntu.com/security/notices/USN-1159-1 https://ubuntu.com/security/notices/USN-1160-1 https://ubuntu.com/security/notices/USN-1141-1 https://ubuntu.com/security/notices/USN-1162-1 https://ubuntu.com/security/notices/USN-1186-1 https://ubuntu.com/security/notices/USN-1187-1 https://ubuntu.com/security/notices/USN-1202-1 https://ubuntu.com/security/notices/USN-1204-1 https://ubuntu.com/security/notices/USN-1212-1 Description: net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process. Ubuntu-Description: Vasiliy Kulikov discovered that the netfilter code did not check certain strings copied from userspace. A local attacker with netfilter access could exploit this to read kernel memory or crash the system, leading to a denial of service. Notes: Bugs: https://launchpad.net/bugs/801480 Priority: low Discovered-by: Vasiliy Kulikov Assigned-to: CVSS: Patches_linux: upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=42eab94fff18cb1091d3501cd284d6bd6cc9c143 upstream_linux: released (2.6.39~rc1) hardy_linux: released (2.6.24-29.92) lucid_linux: released (2.6.32-32.62) maverick_linux: released (2.6.35-30.52) natty_linux: released (2.6.38-9.43) devel_linux: not-affected (2.6.39-0.1) Patches_linux-ec2: upstream_linux-ec2: released (2.6.39~rc1) hardy_linux-ec2: DNE lucid_linux-ec2: released (2.6.32-316.30) maverick_linux-ec2: ignored (binary supplied by "linux" now) natty_linux-ec2: DNE devel_linux-ec2: DNE Patches_linux-mvl-dove: upstream_linux-mvl-dove: released (2.6.39~rc1) hardy_linux-mvl-dove: DNE lucid_linux-mvl-dove: released (2.6.32-217.34) maverick_linux-mvl-dove: released (2.6.32-417.34) natty_linux-mvl-dove: DNE devel_linux-mvl-dove: DNE Patches_linux-ti-omap4: upstream_linux-ti-omap4: released (2.6.39~rc1) hardy_linux-ti-omap4: DNE lucid_linux-ti-omap4: DNE maverick_linux-ti-omap4: released (2.6.35-903.23) natty_linux-ti-omap4: released (2.6.38-1209.13) devel_linux-ti-omap4: not-affected (2.6.38-1309.13) Patches_linux-lts-backport-maverick: upstream_linux-lts-backport-maverick: released (2.6.39~rc1) hardy_linux-lts-backport-maverick: DNE lucid_linux-lts-backport-maverick: released (2.6.35-30.54~lucid1) maverick_linux-lts-backport-maverick: DNE natty_linux-lts-backport-maverick: DNE devel_linux-lts-backport-maverick: DNE Patches_linux-fsl-imx51: upstream_linux-fsl-imx51: released (2.6.39~rc1) hardy_linux-fsl-imx51: DNE lucid_linux-fsl-imx51: released (2.6.31-610.27) maverick_linux-fsl-imx51: DNE natty_linux-fsl-imx51: DNE devel_linux-fsl-imx51: DNE Patches_linux-lts-backport-natty: upstream_linux-lts-backport-natty: released (2.6.39~rc1) hardy_linux-lts-backport-natty: DNE lucid_linux-lts-backport-natty: not-affected (2.6.38-9.43~lucid1) maverick_linux-lts-backport-natty: DNE natty_linux-lts-backport-natty: DNE devel_linux-lts-backport-natty: DNE