Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2010-2942

Опубликовано: 21 сент. 2010
Источник: nvd
CVSS3: 5.5
CVSS2: 2.1
EPSS Низкий

Описание

The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия до 2.6.35.13 (включая)
cpe:2.3:o:linux:linux_kernel:2.6.36:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.36:rc1:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux_enterprise_desktop:10:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux_enterprise_desktop:11:-:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux_enterprise_desktop:11:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux_enterprise_server:10:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux_enterprise_server:11:-:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp1:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:a:avaya:aura_communication_manager:5.2:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_presence_services:6.0:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_presence_services:6.1:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_presence_services:6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_session_manager:1.1:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_session_manager:5.2:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_session_manager:6.0:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_system_manager:5.2:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_system_manager:6.0:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_system_manager:6.1:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_system_manager:6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_system_platform:1.1:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_system_platform:6.0:-:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_system_platform:6.0:sp1:*:*:*:*:*:*
cpe:2.3:a:avaya:iq:5.0:*:*:*:*:*:*:*
cpe:2.3:a:avaya:iq:5.1:*:*:*:*:*:*:*
cpe:2.3:a:avaya:voice_portal:5.0:*:*:*:*:*:*:*
cpe:2.3:a:avaya:voice_portal:5.1:-:*:*:*:*:*:*
cpe:2.3:a:avaya:voice_portal:5.1:sp1:*:*:*:*:*:*
Конфигурация 5

Одно из

cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esx:4.1:*:*:*:*:*:*:*

EPSS

Процентиль: 4%
0.00022
Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-401

Связанные уязвимости

ubuntu логотип

CVE-2010-2942

CVSS3: 5.5
ubuntu
почти 15 лет назад

The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c.

redhat логотип

CVE-2010-2942

redhat
почти 15 лет назад

The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c.

debian логотип

CVE-2010-2942

CVSS3: 5.5
debian
почти 15 лет назад

The actions implementation in the network queueing functionality in th ...

github логотип

GHSA-57r8-mcj9-q86m

CVSS3: 5.5
github
около 3 лет назад

The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c.

oracle-oval логотип

ELSA-2010-2008

oracle-oval
больше 14 лет назад

ELSA-2010-2008: Unbreakable enterprise kernel security update (IMPORTANT)

EPSS

Процентиль: 4%
0.00022
Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-401