CVE-2011-4913

The rose_parse_ccitt function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 does not validate the FAC_CCITT_DEST_NSAP and FAC_CCITT_SRC_NSAP fields, which allows remote attackers to (1) cause a denial of service (integer underflow, heap memory corruption, and panic) via a small length value in data sent to a ROSE socket, or (2) conduct stack-based buffer overflow attacks via a large length value in data sent to a ROSE socket.

From the Ubuntu Security Team

Dan Rosenberg discovered flaws in the linux Rose (X.25 PLP) layer used by amateur radio. A local user or a remote user on an X.25 network could exploit these flaws to execute arbitrary code as root.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
linux	12.10 quantal	Not affected
	12.04 LTS precise	Not affected
	11.10 oneiric	Not affected
	11.04 natty	Fixed 2.6.38-9.43
	10.10 maverick	Fixed 2.6.35-30.52
	10.04 LTS lucid	Fixed 2.6.32-32.62
	8.04 LTS hardy	Fixed 2.6.24-29.93
linux-armadaxp	12.10 quantal	Not affected
	12.04 LTS precise	Not affected
	11.10 oneiric	Not in release
	11.04 natty	Not in release
	10.04 LTS lucid	Not in release
	8.04 LTS hardy	Not in release
linux-ec2	12.10 quantal	Not in release
	12.04 LTS precise	Not in release
	11.10 oneiric	Not in release
	11.04 natty	Not in release
	10.10 maverick	Ignored end of life
	10.04 LTS lucid	Fixed 2.6.32-316.30
	8.04 LTS hardy	Not in release
linux-fsl-imx51	12.10 quantal	Not in release
	12.04 LTS precise	Not in release
	11.10 oneiric	Not in release
	11.04 natty	Not in release
	10.10 maverick	Not in release
	10.04 LTS lucid	Fixed 2.6.31-610.27
	8.04 LTS hardy	Not in release
linux-lts-backport-maverick	12.10 quantal	Not in release
	12.04 LTS precise	Not in release
	11.10 oneiric	Not in release
	11.04 natty	Not in release
	10.10 maverick	Not in release
	10.04 LTS lucid	Fixed 2.6.35-30.54~lucid1
	8.04 LTS hardy	Not in release
linux-lts-backport-natty	12.10 quantal	Not in release
	12.04 LTS precise	Not in release
	11.10 oneiric	Not in release
	11.04 natty	Not in release
	10.10 maverick	Not in release
	10.04 LTS lucid	Not affected
	8.04 LTS hardy	Not in release
linux-lts-backport-oneiric	12.10 quantal	Not in release
	12.04 LTS precise	Not in release
	11.10 oneiric	Not in release
	11.04 natty	Not in release
	10.10 maverick	Not in release
	10.04 LTS lucid	Not affected
	8.04 LTS hardy	Not in release
linux-mvl-dove	12.10 quantal	Not in release
	12.04 LTS precise	Not in release
	11.10 oneiric	Not in release
	11.04 natty	Not in release
	10.10 maverick	Fixed 2.6.32-417.34
	10.04 LTS lucid	Fixed 2.6.32-217.34
	8.04 LTS hardy	Not in release
linux-ti-omap4	12.10 quantal	Not affected
	12.04 LTS precise	Not affected
	11.10 oneiric	Not affected
	11.04 natty	Fixed 2.6.38-1209.13
	10.10 maverick	Fixed 2.6.35-903.23
	10.04 LTS lucid	Not in release
	8.04 LTS hardy	Not in release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
linux	Introduced by 1da177e, fixed by be20250

References

Related Ubuntu Security Notices (USN)

USN-1204-1
Linux kernel (i.MX51) vulnerabilities
13 September 2011

USN-1189-1
Linux kernel vulnerabilities
19 August 2011

USN-1202-1
Linux kernel (OMAP4) vulnerabilities
13 September 2011

USN-1160-1
Linux kernel vulnerabilities
28 June 2011

USN-1141-1
Linux kernel vulnerabilities
1 June 2011

USN-1162-1
Linux kernel vulnerabilities (Marvell Dove)
29 June 2011

USN-1167-1
Linux kernel vulnerabilities
13 July 2011

USN-1187-1
Linux kernel (Maverick backport) vulnerabilities
9 August 2011

USN-1212-1
Linux kernel (OMAP4) vulnerabilities
21 September 2011

USN-1159-1
Linux kernel vulnerabilities (Marvell Dove)
13 July 2011

From the Ubuntu Security Team

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references