The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.39 on the x86_64 platform allows remote attackers to obtain potentially sensitive information from kernel stack memory by reading uninitialized data in the ah field of an Acorn Universal Networking (AUN) packet.
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
| Link | Tags |
|---|---|
| http://marc.info/?l=linux-netdev&m=130036203528021&w=2 | mailing list third party advisory patch |
| http://www.openwall.com/lists/oss-security/2011/03/18/15 | mailing list third party advisory patch |
| http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=67c5c6cb8129c595f21e88254a3fc6b3b841ae8e | |
| http://securityreason.com/securityalert/8279 | third party advisory |
| http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 | release notes vendor advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=591815#c14 | issue tracking third party advisory |
| http://www.openwall.com/lists/oss-security/2011/03/21/4 | mailing list third party advisory patch |
| http://www.openwall.com/lists/oss-security/2011/03/21/1 | mailing list third party advisory patch |