Bug 374625 (CVE-2011-1170)

Summary:	Kernel: multiple information leaks (CVE-2011-{1170,1171,1172})
Product:	Gentoo Security	Reporter:	GLSAMaker/CVETool Bot <glsamaker>
Component:	Kernel	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	hardened-kernel+disabled, kernel
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	[ linux < 2.6.39 ]
Package list:		Runtime testing required:	---

Description GLSAMaker/CVETool Bot gentoo-dev

2011-07-10 00:51:55 UTC

CVE-2011-1172 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1172):
  net/ipv6/netfilter/ip6_tables.c in the IPv6 implementation in the Linux
  kernel before 2.6.39 does not place the expected '\0' character at the end
  of string data in the values of certain structure members, which allows
  local users to obtain potentially sensitive information from kernel memory
  by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and
  then reading the argument to the resulting modprobe process.

CVE-2011-1171 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1171):
  net/ipv4/netfilter/ip_tables.c in the IPv4 implementation in the Linux
  kernel before 2.6.39 does not place the expected '\0' character at the end
  of string data in the values of certain structure members, which allows
  local users to obtain potentially sensitive information from kernel memory
  by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and
  then reading the argument to the resulting modprobe process.

CVE-2011-1170 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1170):
  net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux
  kernel before 2.6.39 does not place the expected '\0' character at the end
  of string data in the values of certain structure members, which allows
  local users to obtain potentially sensitive information from kernel memory
  by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and
  then reading the argument to the resulting modprobe process.