CVE-2011-1171 in Kernelinfo

Summary

net/ipv4/netfilter/ip_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected \0 character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservation

03/03/2011

Disclosure

06/22/2011

Moderation

VulDB entry created

Entries

VDB-57756 (1)

CPE

ready

CWE

CWE-200 (Confirmed)

CVSS

4.0

EPSS

0.00085

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2011-1171
NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-1171
CVE Details	https://www.cvedetails.com/cve/CVE-2011-1171/

◂ Previous Overview Next ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!