Your submission was sent successfully! Close

CVE-2011-1173

Published: 22 June 2011

The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.39 on the x86_64 platform allows remote attackers to obtain potentially sensitive information from kernel stack memory by reading uninitialized data in the ah field of an Acorn Universal Networking (AUN) packet.

From the Ubuntu Security Team

Vasiliy Kulikov discovered that the Acorn Universal Networking driver did not correctly initialize memory. A remote attacker could send specially crafted traffic to read kernel stack memory, leading to a loss of privacy.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
hardy
Released (2.6.24-29.92)
lucid
Released (2.6.32-32.62)
maverick
Released (2.6.35-30.52)
natty
Released (2.6.38-9.43)
upstream
Released (2.6.39~rc1)
Patches:
upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=67c5c6cb8129c595f21e88254a3fc6b3b841ae8e
linux-ec2
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid
Released (2.6.32-316.30)
maverick Ignored
(binary supplied by "linux" now)
natty Does not exist

upstream
Released (2.6.39~rc1)
linux-fsl-imx51
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid
Released (2.6.31-610.27)
maverick Does not exist

natty Does not exist

upstream
Released (2.6.39~rc1)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid
Released (2.6.35-30.54~lucid1)
maverick Does not exist

natty Does not exist

upstream
Released (2.6.39~rc1)
linux-lts-backport-natty
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Not vulnerable
(2.6.38-9.43~lucid1)
maverick Does not exist

natty Does not exist

upstream
Released (2.6.39~rc1)
linux-mvl-dove
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid
Released (2.6.32-217.34)
maverick
Released (2.6.32-417.34)
natty Does not exist

upstream
Released (2.6.39~rc1)
linux-ti-omap4
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

maverick
Released (2.6.35-903.23)
natty
Released (2.6.38-1209.13)
upstream
Released (2.6.39~rc1)