CVE-2011-1080

Priority
Description
The do_replace function in net/bridge/netfilter/ebtables.c in the Linux
kernel before 2.6.39 does not ensure that a certain name field ends with a
'\0' character, which allows local users to obtain potentially sensitive
information from kernel stack memory by leveraging the CAP_NET_ADMIN
capability to replace a table, and then reading a modprobe command line.
Ubuntu-Description
Vasiliy Kulikov discovered that bridge network filtering did not check that
name fields were NUL-terminated. A local attacker could exploit this to
leak contents of kernel stack memory, leading to a loss of privacy.
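The bug class described above, as an added user-space model (not the kernel's code and not taken from the fix commit): a fixed-size name field is filled without a terminator and then formatted with `%s`, next to the same path with termination forced first. `NAME_LEN`, `FRAME_LEN`, the `table_` prefix and the residue bytes are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 32   /* assumed size of the fixed name field */
#define FRAME_LEN 64  /* constructed stand-in for a stack frame */

/* Constructed frame: bytes [0, NAME_LEN) are the name field filled from the
 * caller; the bytes after it model unrelated stack residue. */
static void fill_frame(char frame[FRAME_LEN], const char *user, size_t user_len)
{
    memset(frame, 0, FRAME_LEN);
    memcpy(frame + NAME_LEN, "STACK-RESIDUE", 13);  /* constructed marker */
    memcpy(frame, user, user_len < NAME_LEN ? user_len : NAME_LEN);
}

/* Before: the name is trusted to be NUL-terminated, so %s reads past it. */
static int module_arg_unchecked(const char *frame, char *out, size_t outlen)
{
    return snprintf(out, outlen, "table_%s", frame);
}

/* After: force termination inside the field before any string use. */
static int module_arg_terminated(char *frame, char *out, size_t outlen)
{
    frame[NAME_LEN - 1] = '\0';
    return snprintf(out, outlen, "table_%s", frame);
}

/* Returns 1 if the formatted argument contains the residue marker. */
static int leaks_residue(int hardened)
{
    char frame[FRAME_LEN], user[NAME_LEN], out[128];
    memset(user, 'A', sizeof(user));        /* 32 bytes, no terminator */
    fill_frame(frame, user, sizeof(user));
    if (hardened)
        module_arg_terminated(frame, out, sizeof(out));
    else
        module_arg_unchecked(frame, out, sizeof(out));
    return strstr(out, "STACK-RESIDUE") != NULL;
}

int main(void)
{
    printf("unchecked leaks:  %d\n", leaks_residue(0));
    printf("terminated leaks: %d\n", leaks_residue(1));
    return 0;
}
```

When auditing similar code, look for fixed-size string fields copied from an untrusted caller and later passed to `%s`, `strlen` or `strcmp` without a bounded length or an explicit terminator.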
Notes
Package
Source: linux (LP Ubuntu Debian)
Upstream: released (2.6.39~rc1)
Patches:
Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed by d846f71195d57b0bbb143382647c2c6638b04c5a
More Information

Updated: 2019-12-05 20:56:44 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)