CVE-2011-1078

CVSS v2.0

1.9

Low

Vector

AV:L/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 2.6.39

Description The issue is related to the sco sock getsockopt old function in the Linux kernel, which does not properly initialize a certain structure. This allows local users to potentially obtain sensitive information from kernel stack memory via the SCO CONNINFO option.

Recommendations For versions prior to 2.6.39, update to version 2.6.39 or later to resolve the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CESA-2012_1156

CVE-2011-1078

DSA-2240-1

DSA-2264-1

RHSA-2011:0500

RHSA-2011:0833

RHSA-2011_0833

RHSA-2012:1156

RHSA-2012_1156

Affected Products

Centos

Linux Kernel

Red Hat

CVE-2011-1078

Weakness Enumeration

Related Identifiers

Affected Products

References · 10