[Bug 801480] Re: CVE-2011-1170

Mon, 01 Aug 2011 20:16:34 -0700 

** Also affects: linux (Ubuntu Natty)
   Importance: Undecided
       Status: New

** Also affects: linux-fsl-imx51 (Ubuntu Natty)
   Importance: Undecided
       Status: New

** Also affects: linux-ti-omap4 (Ubuntu Natty)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Oneiric)
   Importance: Undecided
       Status: New

** Also affects: linux-fsl-imx51 (Ubuntu Oneiric)
   Importance: Undecided
       Status: Invalid

** Also affects: linux-ti-omap4 (Ubuntu Oneiric)
   Importance: Undecided
       Status: Invalid

** Changed in: linux (Ubuntu Lucid)
       Status: New => Fix Released

** Changed in: linux (Ubuntu Oneiric)
       Status: New => Invalid

** Changed in: linux (Ubuntu Hardy)
       Status: New => Fix Committed

** Changed in: linux (Ubuntu Maverick)
       Status: New => Fix Released

** Changed in: linux (Ubuntu Natty)
       Status: New => Fix Released

** Changed in: linux-ti-omap4 (Ubuntu Maverick)
       Status: In Progress => Fix Committed

** Changed in: linux-ti-omap4 (Ubuntu Natty)
       Status: New => Fix Committed

** Changed in: linux-fsl-imx51 (Ubuntu Lucid)
       Status: In Progress => Fix Committed

** Changed in: linux-fsl-imx51 (Ubuntu Natty)
       Status: New => Invalid

** Description changed:

  net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux
- kernel before 2.6.39 does not place the expected '\0' character at the end
- of string data in the values of certain structure members, which allows
- local users to obtain potentially sensitive information from kernel memory
- by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and
- then reading the argument to the resulting modprobe process.
+ kernel before 2.6.39 does not place the expected '\0' character at the
+ end of string data in the values of certain structure members, which
+ allows local users to obtain potentially sensitive information from
+ kernel memory by leveraging the CAP_NET_ADMIN capability to issue a
+ crafted request, and then reading the argument to the resulting modprobe
+ process.
+ 
+ Fixed-by: 42eab94fff18cb1091d3501cd284d6bd6cc9c143

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/801480

Title:
  CVE-2011-1170

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/801480/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to