CVE-2011-1080

The do_replace function in net/bridge/netfilter/ebtables.c in the Linux kernel before 2.6.39 does not ensure that a certain name field ends with a ‘’ character, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability to replace a table, and then reading a modprobe command line.

Date published : 2012-06-21

http://downloads.avaya.com/css/P8/documents/100145416

http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39