CVE-2011-4913

Priority
Description
The rose_parse_ccitt function in net/rose/rose_subr.c in the Linux kernel
before 2.6.39 does not validate the FAC_CCITT_DEST_NSAP and
FAC_CCITT_SRC_NSAP fields, which allows remote attackers to (1) cause a
denial of service (integer underflow, heap memory corruption, and panic)
via a small length value in data sent to a ROSE socket, or (2) conduct
stack-based buffer overflow attacks via a large length value in data sent
to a ROSE socket.
Ubuntu-Description
Dan Rosenberg discovered flaws in the linux Rose (X.25 PLP) layer used by
amateur radio. A local user or a remote user on an X.25 network could
exploit these flaws to execute arbitrary code as root.
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (2.6.39~rc1)
Patches:
Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2Fixed by be20250c13f88375345ad99950190685eda51eb8
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
More Information

Updated: 2019-01-14 22:00:50 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)