PublicDateAtUSN: 2011-06-22 Candidate: CVE-2011-1172 PublicDate: 2011-06-22 22:55:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1172 https://ubuntu.com/security/notices/USN-1167-1 https://ubuntu.com/security/notices/USN-1159-1 https://ubuntu.com/security/notices/USN-1160-1 https://ubuntu.com/security/notices/USN-1141-1 https://ubuntu.com/security/notices/USN-1162-1 https://ubuntu.com/security/notices/USN-1186-1 https://ubuntu.com/security/notices/USN-1187-1 https://ubuntu.com/security/notices/USN-1202-1 https://ubuntu.com/security/notices/USN-1204-1 https://ubuntu.com/security/notices/USN-1212-1 Description: net/ipv6/netfilter/ip6_tables.c in the IPv6 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process. Ubuntu-Description: Vasiliy Kulikov discovered that the netfilter code did not check certain strings copied from userspace. A local attacker with netfilter access could exploit this to read kernel memory or crash the system, leading to a denial of service. Notes: Bugs: https://launchpad.net/bugs/801483 Priority: low Discovered-by: Vasiliy Kulikov Assigned-to: CVSS: Patches_linux: upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6a8ab060779779de8aea92ce3337ca348f973f54 upstream_linux: released (2.6.39~rc1) hardy_linux: released (2.6.24-29.92) lucid_linux: released (2.6.32-32.62) maverick_linux: released (2.6.35-30.52) natty_linux: released (2.6.38-9.43) devel_linux: not-affected (2.6.39-0.1) Patches_linux-ec2: upstream_linux-ec2: released (2.6.39~rc1) hardy_linux-ec2: DNE lucid_linux-ec2: released (2.6.32-316.30) maverick_linux-ec2: ignored (binary supplied by "linux" now) natty_linux-ec2: DNE devel_linux-ec2: DNE Patches_linux-mvl-dove: upstream_linux-mvl-dove: released (2.6.39~rc1) hardy_linux-mvl-dove: DNE lucid_linux-mvl-dove: released (2.6.32-217.34) maverick_linux-mvl-dove: released (2.6.32-417.34) natty_linux-mvl-dove: DNE devel_linux-mvl-dove: DNE Patches_linux-ti-omap4: upstream_linux-ti-omap4: released (2.6.39~rc1) hardy_linux-ti-omap4: DNE lucid_linux-ti-omap4: DNE maverick_linux-ti-omap4: released (2.6.35-903.23) natty_linux-ti-omap4: released (2.6.38-1209.13) devel_linux-ti-omap4: not-affected (2.6.38-1309.13) Patches_linux-lts-backport-maverick: upstream_linux-lts-backport-maverick: released (2.6.39~rc1) hardy_linux-lts-backport-maverick: DNE lucid_linux-lts-backport-maverick: released (2.6.35-30.54~lucid1) maverick_linux-lts-backport-maverick: DNE natty_linux-lts-backport-maverick: DNE devel_linux-lts-backport-maverick: DNE Patches_linux-fsl-imx51: upstream_linux-fsl-imx51: released (2.6.39~rc1) hardy_linux-fsl-imx51: DNE lucid_linux-fsl-imx51: released (2.6.31-610.27) maverick_linux-fsl-imx51: DNE natty_linux-fsl-imx51: DNE devel_linux-fsl-imx51: DNE Patches_linux-lts-backport-natty: upstream_linux-lts-backport-natty: released (2.6.39~rc1) hardy_linux-lts-backport-natty: DNE lucid_linux-lts-backport-natty: not-affected (2.6.38-9.43~lucid1) maverick_linux-lts-backport-natty: DNE natty_linux-lts-backport-natty: DNE devel_linux-lts-backport-natty: DNE