Lucene search

K

[email protected]NVD:CVE-2010-1437

HistoryMay 07, 2010 - 6:30 p.m.

CVE-2010-1437

2010-05-0718:30:01

CWE-416

CWE-362

[email protected]

web.nvd.nist.gov

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via keyctl session commands that trigger access to a dead keyring that is undergoing deletion by the key_cleanup function.

Affected configurations

NVD

Node

linuxlinux_kernelRange<2.6.34

OR

linuxlinux_kernelMatch2.6.34rc1

OR

linuxlinux_kernelMatch2.6.34rc2

OR

linuxlinux_kernelMatch2.6.34rc3

OR

linuxlinux_kernelMatch2.6.34rc4

OR

linuxlinux_kernelMatch2.6.34rc5

Node

opensuseopensuseMatch11.1

OR

suselinux_enterprise_desktopMatch11-

OR

suselinux_enterprise_high_availability_extensionMatch11-

OR

suselinux_enterprise_serverMatch11-

Node

debiandebian_linuxMatch5.0

References

lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html

marc.info/?l=linux-kernel&m=127192182917857&w=2

marc.info/?l=linux-kernel&m=127274294622730&w=2

marc.info/?l=linux-kernel&m=127292492727029&w=2

secunia.com/advisories/39830

secunia.com/advisories/40218

secunia.com/advisories/40645

secunia.com/advisories/43315

www.debian.org/security/2010/dsa-2053

www.openwall.com/lists/oss-security/2010/04/27/2

www.openwall.com/lists/oss-security/2010/04/28/2

www.redhat.com/support/errata/RHSA-2010-0474.html

www.securityfocus.com/archive/1/516397/100/0/threaded

www.securityfocus.com/bid/39719

www.vmware.com/security/advisories/VMSA-2011-0003.html

www.vupen.com/english/advisories/2010/1857

bugzilla.redhat.com/show_bug.cgi?id=585094

exchange.xforce.ibmcloud.com/vulnerabilities/58254

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9715

patchwork.kernel.org/patch/94038/

patchwork.kernel.org/patch/94664/

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

Related for NVD:CVE-2010-1437

seebug1 veracode1 cvelist1 prion1 ubuntucve1 cve1 nessus19 openvas43 fedora11 oraclelinux3 centos2 redhat3 suse2 vmware3 ubuntu1 securityvulns2 debian1 osv1