CVE-2011-1493

Priority
Description
Array index error in the rose_parse_national function in
net/rose/rose_subr.c in the Linux kernel before 2.6.39 allows remote
attackers to cause a denial of service (heap memory corruption) or possibly
have unspecified other impact by composing FAC_NATIONAL_DIGIS data that
specifies a large number of digipeaters, and then sending this data to a
ROSE socket.
Ubuntu-Description
Dan Rosenberg discovered that the X.25 Rose network stack did not correctly
handle certain fields. If a system was running with Rose enabled, a remote
attacker could send specially crafted traffic to gain root privileges.
Notes
 kees> e0bccd315db0c2f919e7fcf9cb60db21d9986f52 will likely end up in its
 kees> own CVE in the future.
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
More Information

Updated: 2019-01-14 21:57:07 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)