Lucene search

[email protected]NVD:CVE-2010-2942

HistorySep 21, 2010 - 6:00 p.m.

CVE-2010-2942

2010-09-2118:00:02

CWE-401

[email protected]

web.nvd.nist.gov

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.3%

JSON

The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c.

Affected configurations

NVD

Node

linuxlinux_kernelRange≤2.6.35.13

linuxlinux_kernelMatch2.6.36-

linuxlinux_kernelMatch2.6.36rc1

Node

canonicalubuntu_linuxMatch6.06

canonicalubuntu_linuxMatch8.04

canonicalubuntu_linuxMatch9.04

canonicalubuntu_linuxMatch9.10

canonicalubuntu_linuxMatch10.04-

canonicalubuntu_linuxMatch10.10

Node

opensuseopensuseMatch11.1

opensuseopensuseMatch11.3

susesuse_linux_enterprise_desktopMatch10sp3

susesuse_linux_enterprise_desktopMatch11-

susesuse_linux_enterprise_desktopMatch11sp1

susesuse_linux_enterprise_serverMatch10sp3

susesuse_linux_enterprise_serverMatch11-

susesuse_linux_enterprise_serverMatch11sp1

Node

avayaaura_communication_managerMatch5.2

avayaaura_presence_servicesMatch6.0

avayaaura_presence_servicesMatch6.1

avayaaura_presence_servicesMatch6.1.1

avayaaura_session_managerMatch1.1

avayaaura_session_managerMatch5.2

avayaaura_session_managerMatch6.0

avayaaura_system_managerMatch5.2

avayaaura_system_managerMatch6.0

avayaaura_system_managerMatch6.1

avayaaura_system_managerMatch6.1.1

avayaaura_system_platformMatch1.1

avayaaura_system_platformMatch6.0-

avayaaura_system_platformMatch6.0sp1

avayaiqMatch5.0

avayaiqMatch5.1

avayavoice_portalMatch5.0

avayavoice_portalMatch5.1-

avayavoice_portalMatch5.1sp1

Node

vmwareesxMatch4.0

vmwareesxMatch4.1

References

git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=1c40be12f7d8ca1d387510d39787b12e512a7ce8

lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html

lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html

lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html

lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html

lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html

patchwork.ozlabs.org/patch/61857/

secunia.com/advisories/41512

secunia.com/advisories/46397

support.avaya.com/css/P8/documents/100113326

www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc2

www.openwall.com/lists/oss-security/2010/08/18/1

www.openwall.com/lists/oss-security/2010/08/19/4

www.redhat.com/support/errata/RHSA-2010-0723.html

www.redhat.com/support/errata/RHSA-2010-0771.html

www.redhat.com/support/errata/RHSA-2010-0779.html

www.securityfocus.com/archive/1/520102/100/0/threaded

www.securityfocus.com/bid/42529

www.ubuntu.com/usn/USN-1000-1

www.vmware.com/security/advisories/VMSA-2011-0012.html

www.vupen.com/english/advisories/2010/2430

www.vupen.com/english/advisories/2011/0298

bugzilla.redhat.com/show_bug.cgi?id=624903

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.3%

JSON

Related for NVD:CVE-2010-2942

prion2 cve2 cvelist2 veracode1 ubuntucve2 nvd1 seebug1 oraclelinux5 openvas22 nessus24 centos2 redhat3 suse7 ubuntu5 vmware2