CVE-2011-1493

Priority
Description
Array index error in the rose_parse_national function in
net/rose/rose_subr.c in the Linux kernel before 2.6.39 allows remote
attackers to cause a denial of service (heap memory corruption) or possibly
have unspecified other impact by composing FAC_NATIONAL_DIGIS data that
specifies a large number of digipeaters, and then sending this data to a
ROSE socket.
Ubuntu-Description
Dan Rosenberg discovered that the X.25 Rose network stack did not correctly
handle certain fields. If a system was running with Rose enabled, a remote
attacker could send specially crafted traffic to gain root privileges.
Notes
kees: e0bccd315db0c2f919e7fcf9cb60db21d9986f52 will likely end up in its
own CVE in the future.
Package
Upstream: released (2.6.39~rc1)

Updated: 2019-12-05 20:56:57 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)