CVE-2011-1170

Linux Kernel < 2.6.39 - Information Exposure via arp_tables String Handling

Title source: llm
STIX 2.1

Description

net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.

References (11)

Core 11
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8282
Patch mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/03/18/15
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2011-0833.html
Patch mailing-list x_refsource_mlist
http://marc.info/?l=netfilter-devel&m=129978081009955&w=2
Various Sources x_refsource_confirm
http://downloads.avaya.com/css/P8/documents/100145416
Patch mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/03/21/4
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8278
Patch mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/03/21/1

Scores

EPSS 0.0041
EPSS Percentile 32.7%

Details

CWE
CWE-200
Status published
Products (13)
linux/linux_kernel 2.6.0
linux/linux_kernel 2.6.1 (4 CPE variants)
linux/linux_kernel 2.6.2 (4 CPE variants)
linux/linux_kernel 2.6.3 (5 CPE variants)
linux/linux_kernel 2.6.4 (4 CPE variants)
linux/linux_kernel 2.6.5 (4 CPE variants)
linux/linux_kernel 2.6.6 (4 CPE variants)
linux/linux_kernel 2.6.7 (4 CPE variants)
linux/linux_kernel 2.6.8 (5 CPE variants)
linux/linux_kernel 2.6.8.1
... and 3 more
Published Jun 22, 2011
Tracked Since Feb 18, 2026