Vulnerability Details : CVE-2011-1173
The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.39 on the x86_64 platform allows remote attackers to obtain potentially sensitive information from kernel stack memory by reading uninitialized data in the ah field of an Acorn Universal Networking (AUN) packet.
Vulnerability category: Information leak
Threat overview for CVE-2011-1173
Top countries where our scanners detected CVE-2011-1173
Top open port discovered on systems with this issue
49152
IPs affected by CVE-2011-1173 1,556
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2011-1173!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2011-1173
Probability of exploitation activity in the next 30 days: 0.59%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 75 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2011-1173
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2011-1173
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1173
-
http://securityreason.com/securityalert/8279
linux kernel 2.6.38.8 econet infoleak to the network - CXSecurity.comThird Party Advisory
-
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=67c5c6cb8129c595f21e88254a3fc6b3b841ae8e
-
https://bugzilla.redhat.com/show_bug.cgi?id=591815#c14
591815 – (CVE-old-kernel) CVE kernel non-issue statementsIssue Tracking;Third Party Advisory
-
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39
404: File not foundRelease Notes;Vendor Advisory
-
http://www.openwall.com/lists/oss-security/2011/03/21/4
oss-security - Re: CVE request: kernel: netfilter & econet infoleaksMailing List;Patch;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2011/03/18/15
oss-security - CVE request: kernel: netfilter & econet infoleaksMailing List;Patch;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2011/03/21/1
oss-security - Re: CVE request: kernel: netfilter & econet infoleaksMailing List;Patch;Third Party Advisory
-
http://marc.info/?l=linux-netdev&m=130036203528021&w=2
'[PATCH] econet: 4 byte infoleak to the network' - MARCPatch;Third Party Advisory
Products affected by CVE-2011-1173
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*