Lucene search

[email protected]NVD:CVE-2010-3081

HistorySep 24, 2010 - 8:00 p.m.

CVE-2010-3081

2010-09-2420:00:02

CWE-119

[email protected]

web.nvd.nist.gov

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

JSON

The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a “stack pointer underflow” issue, as exploited in the wild in September 2010.

Affected configurations

NVD

Node

linuxlinux_kernelRange≤2.6.35.4

linuxlinux_kernelMatch2.6.36-

linuxlinux_kernelMatch2.6.36rc1

linuxlinux_kernelMatch2.6.36rc2

linuxlinux_kernelMatch2.6.36rc3

Node

vmwareesxMatch4.0

vmwareesxMatch4.1

Node

susesuse_linux_enterprise_desktopMatch11sp1

susesuse_linux_enterprise_serverMatch11sp1

References

archives.neohapsis.com/archives/fulldisclosure/2010-09/0273.html

archives.neohapsis.com/archives/fulldisclosure/2010-09/0278.html

blog.ksplice.com/2010/09/cve-2010-3081/

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c41d68a513c71e35a14f66d71782d27a79a81ea6

isc.sans.edu/diary.html?storyid=9574

lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html

lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html

lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html

marc.info/?l=oss-security&m=128461522230211&w=2

secunia.com/advisories/42384

secunia.com/advisories/43315

sota.gen.nz/compat1/

www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.36-rc4-git2.log

www.mandriva.com/security/advisories?name=MDVSA-2010:198

www.mandriva.com/security/advisories?name=MDVSA-2010:214

www.mandriva.com/security/advisories?name=MDVSA-2010:247

www.redhat.com/support/errata/RHSA-2010-0758.html

www.redhat.com/support/errata/RHSA-2010-0842.html

www.redhat.com/support/errata/RHSA-2010-0882.html

www.securityfocus.com/archive/1/514938/30/30/threaded

www.securityfocus.com/archive/1/516397/100/0/threaded

www.vmware.com/security/advisories/VMSA-2010-0017.html

www.vmware.com/security/advisories/VMSA-2011-0003.html

www.vupen.com/english/advisories/2010/3083

www.vupen.com/english/advisories/2010/3117

www.vupen.com/english/advisories/2011/0298

access.redhat.com/kb/docs/DOC-40265

bugzilla.redhat.com/show_bug.cgi?id=634457

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for NVD:CVE-2010-3081

nessus36 redhat8 vmware2 cvelist1 openvas50 prion1 centos2 oraclelinux7 veracode1 ubuntucve1 cve1 ubuntu4 slackware1 suse8 debian1 osv1 securityvulns2 fedora8 kitploit1