CVE-2010-2478

Опубликовано: 29 сент. 2010

Источник: nvd

CVSS2: 7.2

EPSS Низкий

Описание

Integer overflow in the ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.33.7 on 32-bit platforms allows local users to cause a denial of service or possibly have unspecified other impact via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value that triggers a buffer overflow, a different vulnerability than CVE-2010-3084.

Ссылки

http://article.gmane.org/gmane.linux.network/164869
Broken Link
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=db048b69037e7fa6a7d9e95a1271a50dc08ae233
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html
Mailing List
Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.33.7
Broken Link
http://www.openwall.com/lists/oss-security/2010/06/29/1
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2010/06/29/3
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2010/06/30/17
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/41223
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-1000-1
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=608950
Issue Tracking
Third Party Advisory
http://article.gmane.org/gmane.linux.network/164869
Broken Link
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=db048b69037e7fa6a7d9e95a1271a50dc08ae233
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html
Mailing List
Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.33.7
Broken Link
http://www.openwall.com/lists/oss-security/2010/06/29/1
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2010/06/29/3
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2010/06/30/17
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/41223
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-1000-1
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=608950
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:x86:*

Версия до 2.6.33.7 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*

EPSS

Процентиль: 15%

0.00047

Низкий

7.2 High

CVSS2

Дефекты

CWE-190

Связанные уязвимости

CVE-2010-2478

ubuntu

около 15 лет назад

CVE-2010-2478

redhat

больше 15 лет назад

CVE-2010-2478

debian

около 15 лет назад

Integer overflow in the ethtool_get_rxnfc function in net/core/ethtool ...

GHSA-jh48-465p-8xm7

github

больше 3 лет назад

SUSE-SU-2015:0652-1

suse-cvrf

больше 13 лет назад

Security update for Kernel

EPSS

Процентиль: 15%

0.00047

Низкий

7.2 High

CVSS2

Дефекты

CWE-190