CVE-2011-4914 (retired)

Priority
Description
The ROSE protocol implementation in the Linux kernel before 2.6.39 does not
verify that certain data-length values are consistent with the amount of
data sent, which might allow remote attackers to obtain sensitive
information from kernel memory or cause a denial of service (out-of-bounds
read) via crafted data to a ROSE socket.
Ubuntu-Description
Ben Hutchings discovered several flaws in the Linux Rose (X.25 PLP) layer.
A local user or a remote user on an X.25 network could exploit these flaws
to execute arbitrary code as root.
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (2.6.39~rc1)
Patches:
Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2Fixed by e0bccd315db0c2f919e7fcf9cb60db21d9986f52
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
Package
Upstream:released (2.6.39~rc1)
More Information

Updated: 2019-03-26 11:59:37 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)