| Revision Date: | 2013-03-15 | Version: | 1 | | Title: | CVE-2012-6543 on Ubuntu 12.04 LTS (precise) - low. | | Description: | The l2tp_ip6_getname function in net/l2tp/l2tp_ip6.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. Mathias Krause discovered an information leak in the Linux kernel's implementation of getsockname for Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to examine some of the kernel's stack memory.
| | Family: | unix | Class: | vulnerability | | Status: | | Reference(s): | CVE-2012-6543
| | Platform(s): | Ubuntu 12.04 LTS
| Product(s): | | | Definition Synopsis | | Ubuntu 12.04 LTS (precise) is installed. AND Package Information
NOT While related to the CVE in some way, the 'linux' package in precise is not affected.
OR NOT While related to the CVE in some way, the 'linux-armadaxp' package in precise is not affected.
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
OR NOT While related to the CVE in some way, the 'linux-lts-quantal' package in precise is not affected (note: '3.5.0-18.29~precise1').
OR NOT While related to the CVE in some way, the 'linux-lts-raring' package in precise is not affected.
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
OR NOT While related to the CVE in some way, the 'linux-ti-omap4' package in precise is not affected.
|
|