CVE-2011-4914

Priority
Description
The ROSE protocol implementation in the Linux kernel before 2.6.39 does not
verify that certain data-length values are consistent with the amount of
data sent, which might allow remote attackers to obtain sensitive
information from kernel memory or cause a denial of service (out-of-bounds
read) via crafted data to a ROSE socket.
Ubuntu-Description
Ben Hutchings discovered several flaws in the Linux Rose (X.25 PLP) layer.
A local user or a remote user on an X.25 network could exploit these flaws
to execute arbitrary code as root.
Notes
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (2.6.39~rc1)
Patches:
Introduced by
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed by
e0bccd315db0c2f919e7fcf9cb60db21d9986f52
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
More Information

Updated: 2019-12-05 20:58:23 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)