CVE-2011-1173 — MEDIUM (5.0)

Q: How severe is CVE-2011-1173?

CVE-2011-1173 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2011-1173?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.

Vulnerability Description

The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.39 on the x86_64 platform allows remote attackers to obtain potentially sensitive information from kernel stack memory by reading uninitialized data in the ah field of an Acorn Universal Networking (AUN) packet.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	< 2.6.39

Related Weaknesses (CWE)

CWE-200

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
http://marc.info/?l=linux-netdev&m=130036203528021&w=2PatchThird Party Advisory
http://securityreason.com/securityalert/8279Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39Release NotesVendor Advisory
http://www.openwall.com/lists/oss-security/2011/03/18/15Mailing ListPatchThird Party Advisory
http://www.openwall.com/lists/oss-security/2011/03/21/1Mailing ListPatchThird Party Advisory
http://www.openwall.com/lists/oss-security/2011/03/21/4Mailing ListPatchThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=591815#c14Issue TrackingThird Party Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
http://marc.info/?l=linux-netdev&m=130036203528021&w=2PatchThird Party Advisory
http://securityreason.com/securityalert/8279Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39Release NotesVendor Advisory
http://www.openwall.com/lists/oss-security/2011/03/18/15Mailing ListPatchThird Party Advisory
http://www.openwall.com/lists/oss-security/2011/03/21/1Mailing ListPatchThird Party Advisory
http://www.openwall.com/lists/oss-security/2011/03/21/4Mailing ListPatchThird Party Advisory

FAQ

What is CVE-2011-1173?

CVE-2011-1173 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.39 on the x86_64 platform allows remote attackers to obtain potentially sensitive information from kernel stack mem...

How severe is CVE-2011-1173?

CVE-2011-1173 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-1173?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.